Google Anlatics

Saturday, April 8, 2017

Main Security Features available in Dynamic 365 (CRM) Online

Below are the Main Security Features available Dynamic 365 (CRM) Online .


Security concepts for Microsoft Dynamics 365



Encryption keys

Manage the encryption keys for your Dynamics 365 (online) instance - has been launched.
The manage keys feature in the Dynamics 365 Administration Center gives administrators the ability to self-manage the database encryption keys that are associated with instances of Dynamics 365 (online).
Support: 8.2 Dynamics 365 organization only.


Azure Secure Vault (HSM)

Dynamics 365 (online) currently uses a Microsoft managed key to protect customer databases at-rest using SQL Transparent Data Encryption (TDE) to encrypt and decrypt data and log files in real time.  A common ask from customers is the ability to have control over the encryption keys used. This capability enables you to rollover your key or revoke access on demand in a completely self-service manner.  In this model, you can generate an encryption key and upload it to an Azure Key Vault controlled by Microsoft using the Dynamics 365 Admin Center.

Microsoft recommended securing the encryption keys on the Azure Secure Vault (HSM) which will be released in 2017 December (https://roadmap.dynamics.com/#application=614252f0-2992-e611-80dc-c4346bac0910)

Always Encrypted” feature not available for CRM Dynamic 365.


Multi-Factor Authentication (MFA) or Two-factor authentication (2FA)

2FA or MFA is an increasingly common and more secure method of protecting access to sensitive information or services by requiring an additional method of verifying your identity.


Default CRM provides Basic ,You would need Azure AD Premium ( https://azure.microsoft.com/en-us/pricing/details/active-directory/) which required top-up licenses for that.

Penetration test 

Server level penetration test done by Microsoft only

For more Information please refer below links.


The security model of Microsoft Dynamics 365 : https://msdn.microsoft.com/en-us/library/gg309524.aspx





Thursday, April 6, 2017

Two Factor authentication (2FA) for Dynamic 365 Online

Two Factor authentication (2FA) for Dynamic 365 Online can be done by following below steps.

Sign into office 365 account and navigate to office 365 admin center.

Use https://portal.office.com/ URL for login to the office 365 account.


1. What is Two-Factor Authentication (2FA)? Two-Factor Authentication (2FA) is an additional layer of security that requires a second method of authentication in addition to the password to access an account. It helps protect against unauthorized access to your account, even if someone else gets access to your password.

2. Why is Two-Factor Authentication (2FA) important? 2FA is an important security measure that helps protect your account from unauthorized access. It can be particularly useful in cases where the password has been compromised or stolen. With 2FA, even if someone else gets access to your password, they will not be able to access your account without the second authentication method.

3. What are the different types of Two-Factor Authentication (2FA)? There are several types of 2FA that you can use to protect your account:
SMS/text message: A code is sent to your phone via SMS/text message, which you need to enter to access your account.
Phone call: A code is sent to your phone via a phone call, which you need to enter to access your account.
Email: A code is sent to your email address, which you need to enter to access your account.
Authentication app: An authentication app, such as Google Authenticator, generates a code that you need to enter to access your account.
Security key: A security key, such as a USB dongle, is used to access your account.

4. How to set up Two-Factor Authentication (2FA) for Microsoft Dynamics 365 Online To set up 2FA for your Microsoft Dynamics 365 Online account, follow these steps:

5. Sign into your Office 365 account and navigate to the Office 365 Admin Center. You can use the URL https://portal.office.com/ to login to your account.

6. Click on the Admin icon on the dashboard.

7. To create a new user account, click on the "Add a User" button.

8. Fill in all the required information to create a new user account.

9. Click on the "Manage multi-factor authentication" link.

10. You will be redirected to the Multi-Factor Authentication page. Click on the "Enable" button.

11. Select the authentication method that you want to use for 2FA. You can choose from SMS/text message, phone call, email, authentication app, or security key.

12. Follow the prompts to set up your chosen authentication method.

13. Once 2FA is enabled, you can log into the CRM and set it up by clicking the "Setup it Now" button.

14. You can enable the following features for 2FA:
Basic CRM
Note: Azure AD Premium requires top-up licenses.


Click on Admin Icon in below screen.















User account can be created using below "Add a User" button.






Create User account by filing all the required information




Click on Manage multi-factor authentication link



Then you will redirect to the Multi-factor authentication page.
Click on Enable button.



Then click on below button


Once it is completed then below screen will appear.



Then login in to the CRM.
Then you can setup 2FA by clicking the "Setup it Now" button.


User can enable below feature for 2FA.






Sri Lanka .NET 
                Forum Member