When you enable Dynamics 365 mobile offline, Dynamics 365 (online) data is downloaded to the SQL Azure database using the Azure cloud, based on the entities you enable for offline availability. When a user connects to the Azure Cloud service from a mobile app with the offline capability, data is downloaded from the SQL Azure database to a local database on the mobile device. Data transfer between the SQL Azure database on the Azure cloud and the Dynamics 365 mobile app with the offline capability takes place over a secure SSL connection. Ultimately, customer data is stored both in the SQL Azure database and on the mobile device.
An administrator determines whether or not an organization’s users are permitted to go offline with Microsoft Dynamics 365 Mobile Offline Application by using security roles and Dynamics 365 Mobile profile customization. Dynamics 365 administrators can configure which entities are downloaded via Offline Sync by using the Sync Filters setting in the Setting – Mobile Offline dialog box.
Note that data stored on the user’s device is controlled by the customer, not Microsoft. The administrator has full control over the data that can be extracted at the user security role or entity levels. After the data is extracted, however, it will have left the security boundary provided by Dynamics 365 Online.
A list of the Azure components and services that are involved with Mobile offline functionality is provided below.
Note: For more information about additional Azure service offerings, see the Microsoft Azure Trust Center.
Cloud Services (Web role)
Mobile Offline leverages two cloud services, one for provisioning and the other for data sync.
The provisioning service has a single web role that reads messages from the Service Bus (SB) queue for different events coming from Dynamics 365 such as provisioning or de-provisioning. Then it processes those messages by creating/deleting organization databases and submitting recurring work items (messages) on the data sync SB queue. During this process, it reads/writes configuration data either from the CSCFG file or from the Dynamics 365 SW API.
The data sync service has two web roles. One keeps the schema and data of the staging database in sync with a Dynamics 365 organization’s metadata and data, while the other web role runs the Sync server and processes clients’ sync requests. The first web role processes messages from the data sync SB queue for different orgs and then contacts Dynamics 365 to get the metadata and data changes before committing them to the staging database. It also configures the Sync server with the organizations coming in and out of the system and their client models. The other web role runs the Sync server (unmanaged code) to host admin and sync endpoints. The admin endpoint is used by the first web role to send configuration data. The sync endpoint is used by external clients (Dynamics 365 Mobile Application) to do data sync. Just like the provisioning service, both of these roles read/write configuration data either from the CSCFG file or from the Dynamics 365 SW API.
Queue
Mobile Offline uses Azure Queues for message exchange between Dynamics 365 and Azure. The queues maintain work items that are processed by the cloud services. Each message stores information such as the org id, the entity name for which to sync data, and the connection string for the org’s OData endpoint.
SQL Database
Mobile Offline uses the Azure SQL Storage to store:
Storage
Mobile Offline uses Azure Blob Storage to store logs and traces generated by the cloud service.
Active Directory Service
Mobile Offline uses the Azure Active Directory Service to authenticate with other services such as Dynamics 365, the SW API, or the Azure Management APIs.
Azure DNS
Mobile Offline uses Azure DNS to redirect client requests, based on org names, to the correct cloud service endpoints.
Azure Virtual Network
An Azure Virtual Network (VNet) is a representation of your own network in the cloud. The Dynamics 365 Product Team can control your Azure network settings and define DHCP address blocks, DNS settings, security policies, and routing.
Azure Load Balancer
The Azure Load Balancer delivers high availability and network performance to your applications. It is a Layer-4 (TCP, UDP) load balancer that distributes incoming traffic among healthy service instances in cloud services or virtual machines defined in a load balancer set. We use it to load balance our endpoints in a deployment.