chamara iresh's Blog: 2017

Saturday, April 8, 2017

Main Security Features available in Dynamic 365 (CRM) Online

Below are the Main Security Features available Dynamic 365 (CRM) Online .

Security concepts for Microsoft Dynamics 365

Further Details visit: https://technet.microsoft.com/en-us/library/hh699698.aspx

Encryption keys

Manage the encryption keys for your Dynamics 365 (online) instance - has been launched.

The manage keys feature in the Dynamics 365 Administration Center gives administrators the ability to self-manage the database encryption keys that are associated with instances of Dynamics 365 (online).

Support: 8.2 Dynamics 365 organization only.

For further details visit: https://technet.microsoft.com/en-us/library/mt492471.aspx

Azure Secure Vault (HSM)

Dynamics 365 (online) currently uses a Microsoft managed key to protect customer databases at-rest using SQL Transparent Data Encryption (TDE) to encrypt and decrypt data and log files in real time. A common ask from customers is the ability to have control over the encryption keys used. This capability enables you to rollover your key or revoke access on demand in a completely self-service manner. In this model, you can generate an encryption key and upload it to an Azure Key Vault controlled by Microsoft using the Dynamics 365 Admin Center.

Microsoft recommended securing the encryption keys on the Azure Secure Vault (HSM) which will be released in 2017 December (https://roadmap.dynamics.com/#application=614252f0-2992-e611-80dc-c4346bac0910)

“Always Encrypted” feature not available for CRM Dynamic 365.

Always Encrypted details visit: https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/always-encrypted-database-engine

Multi-Factor Authentication (MFA) or Two-factor authentication (2FA)

2FA or MFA is an increasingly common and more secure method of protecting access to sensitive information or services by requiring an additional method of verifying your identity.

For further details visit: https://chamarairesh.blogspot.sg/2017/04/two-factor-authentication-2fa-for.html

Default CRM provides Basic ,You would need Azure AD Premium ( https://azure.microsoft.com/en-us/pricing/details/active-directory/) which required top-up licenses for that.

Penetration test

Server level penetration test done by Microsoft only

For further details visit: https://security-forms.azure.com/penetration-testing/terms

For more Information please refer below links.

Microsoft Dynamics 365 security : https://www.microsoft.com/en-us/trustcenter/security/dynamics365-security#secure_apps_and_data

The security model of Microsoft Dynamics 365 : https://msdn.microsoft.com/en-us/library/gg309524.aspx

TDE : https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption-tde

Thursday, April 6, 2017

Two Factor authentication (2FA) for Dynamic 365 Online

Two Factor authentication (2FA) for Dynamic 365 Online can be done by following below steps.

Sign into office 365 account and navigate to office 365 admin center.

Use https://portal.office.com/ URL for login to the office 365 account.

1. What is Two-Factor Authentication (2FA)? Two-Factor Authentication (2FA) is an additional layer of security that requires a second method of authentication in addition to the password to access an account. It helps protect against unauthorized access to your account, even if someone else gets access to your password.

2. Why is Two-Factor Authentication (2FA) important? 2FA is an important security measure that helps protect your account from unauthorized access. It can be particularly useful in cases where the password has been compromised or stolen. With 2FA, even if someone else gets access to your password, they will not be able to access your account without the second authentication method.

3. What are the different types of Two-Factor Authentication (2FA)? There are several types of 2FA that you can use to protect your account:

• SMS/text message: A code is sent to your phone via SMS/text message, which you need to enter to access your account.

• Phone call: A code is sent to your phone via a phone call, which you need to enter to access your account.

• Email: A code is sent to your email address, which you need to enter to access your account.

• Authentication app: An authentication app, such as Google Authenticator, generates a code that you need to enter to access your account.

• Security key: A security key, such as a USB dongle, is used to access your account.

4. How to set up Two-Factor Authentication (2FA) for Microsoft Dynamics 365 Online To set up 2FA for your Microsoft Dynamics 365 Online account, follow these steps:

5. Sign into your Office 365 account and navigate to the Office 365 Admin Center. You can use the URL https://portal.office.com/ to login to your account.

6. Click on the Admin icon on the dashboard.

7. To create a new user account, click on the "Add a User" button.

8. Fill in all the required information to create a new user account.

9. Click on the "Manage multi-factor authentication" link.

10. You will be redirected to the Multi-Factor Authentication page. Click on the "Enable" button.

11. Select the authentication method that you want to use for 2FA. You can choose from SMS/text message, phone call, email, authentication app, or security key.

12. Follow the prompts to set up your chosen authentication method.

13. Once 2FA is enabled, you can log into the CRM and set it up by clicking the "Setup it Now" button.

14. You can enable the following features for 2FA:

• Basic CRM

• Azure AD Premium (https://azure.microsoft.com/en-us/pricing/details/active-directory/)

Note: Azure AD Premium requires top-up licenses.

Click on Admin Icon in below screen.