Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / DB level encryption in...
Microsoft Dynamics CRM (Archived)

DB level encryption in Dynamics CRM 2016 On-premise

(0) ShareShare
ReportReport
Posted on by Akash.Bajaj 20

Hi Experts,

 I am a Dynamics CRM developer working on an implementation. Our CRM 2016 is setup in a way that it is hosted on Azure (IFD) and we have internal users (100) as well as external users (3000) accessing CRM. All external users (3000) have a license of Dynamics CRM and they access it directly and not through a portal.

Now, these external users have some of their data in our CRM system which only they (the particular external user) should be able to access and that none of the internal users including the System Admin, DB owner etc. should not be able to see this information. Theoretically, I believe this can be implemented if we allow each of our external users to generate and keep with them a key which can be used to encrypt and then decrypt the encrypted data on their side. Only the external user will have access to this security key. Now, I have the following questions:

1. How to implement the generation of security key in CRM? Keep in mind that this key should not be stored in CRM because then the internal staff can use the key to see the external user's data.

2. How to then encrypt and decrypt the data in DB using that key?

3. How to provide a way for the external users to recover the key if they lose it somehow since it is not stored anywhere?

I know the above doesn't sound easy but would be great to implement. So any leads would be appreciated.

*This post is locked for comments

  • Suggested answer
    Kokulan Profile Picture
    Kokulan 18,052 on at
    RE: DB level encryption in Dynamics CRM 2016 On-premise

    What if you create plugin that triggers on prevalidation of create/update of these entities  and encrypts data. The plugin can check if the user is external or internal

    If it's external user encrypt every field and decrypt the field only if it's external user on Retrieve or Retrieve Multiple.

    You will have to do the decryption on Retrieve and Retrieve Multiple events. And do the encryption and Create and Update.

    This way you as developer get to decide and use best encryption and secure the key.

    You can store the key securely on Azure if you want

    Sine you may have to do the encryption/decryption for multiple plugins you could move this bit of code into a static method and reuse on all the plugins may be.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Announcing Our 2025 Season 1 Super Users!

A new season of Super Users has arrived, and we are so grateful for the daily…

Vahid Ghafarpour – Community Spotlight

We are excited to recognize Vahid Ghafarpour as our February 2025 Community…

Tip: Become a User Group leader!

Join the ranks of valued community UG leaders

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 292,516 Super User 2025 Season 1

#2
Martin Dráb Profile Picture

Martin Dráb 231,401 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans