Protecting data with Dataverse
Part 1: Security from External Threats
In this blog series, we will be covering how to protect data in Dataverse from external and internal threats (both from internal users and Microsoft). In today’s post, we will focus on protecting data from external threats.
Secure Data from Hackers and Malicious Intent
- How can I protect my data from unapproved access?
Dataverse handles authentication with Azure Active Directory (Azure AD) to allow for conditional access and multi-factor authentication. Dataverse also uses Azure AD identity and access management mechanisms to help ensure that only authorized users can access the environment, data, and reports. Conditional access and location awareness can help control access to environments by only allowing trusted devices, locations, and other conditions which can be evaluated for authentication. Essentially, conditional access helps to secure where users can sign into Dataverse environments and what devices they can use. Also, because Dataverse is built on Azure, it benefits from the Azure platform’s powerful security technologies. Encryption of data, both at rest and in transit, also preserves confidentiality.
- How can I quickly identify any threats or suspicious activity in the system?
Dataverse auditing provides ways for system admins to quickly set up audit tracking for their environment. The platform provides the ability to track and log activities that include CRUD operations, opening and viewing records, sharing records, and more. The logs can be easily accessed directly by the client without the need for additional reporting or the export of audit activity. It is important to note that read auditing is configured separately from Create, Update, or Delete as this audit trail may produce a lot of data. Please note, not all environments require read auditing.
Protect, Detect & Respond to External Threats
Protect
We recommend the following preventative steps:
- Utilize Azure AD authentication to confirm identities of those logging into the system.
- Leverage conditional access authentication based on IP address, location, device, or other properties of the user’s authentication context.
- Enable auditing (including user access auditing) as a baseline for detections. Learn more about how to manage Dataverse auditing. For a functional sample that tests auditing, review audit user access.
Detect
Take these steps to identify and locate possible issues:
- Review audit logs in Azure Active Directory to identify which users have authenticated to Dataverse.
- Retrieve the history of audited data changes in Dataverse.
- Review Microsoft 365 admin center activity reports.
- Use Microsoft Dataverse usage reports.
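One way to triage the audit history retrieved in the Detect steps, as an added example that is not from the original post or from Microsoft: it counts operations per user and flags bursts of deletes. The rows are constructed, and the field names (`createdon`, `operation`, `_userid_value`, `objecttypecode`), the operation codes, the threshold and the window are assumptions modelled on the Dataverse audit table.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed operation codes of the audit table: 1=Create, 2=Update, 3=Delete, 4=Access.
OPERATIONS = {1: "Create", 2: "Update", 3: "Delete", 4: "Access"}

# Constructed sample rows; user ids are shortened to labels for readability.
SAMPLE_AUDITS = [
    {"createdon": "2024-03-01T09:00:05Z", "operation": 4, "_userid_value": "user-a", "objecttypecode": "systemuser"},
    {"createdon": "2024-03-01T09:10:00Z", "operation": 2, "_userid_value": "user-a", "objecttypecode": "account"},
    {"createdon": "2024-03-01T02:14:00Z", "operation": 4, "_userid_value": "user-b", "objecttypecode": "systemuser"},
    {"createdon": "2024-03-01T02:15:10Z", "operation": 3, "_userid_value": "user-b", "objecttypecode": "contact"},
    {"createdon": "2024-03-01T02:15:40Z", "operation": 3, "_userid_value": "user-b", "objecttypecode": "contact"},
    {"createdon": "2024-03-01T02:16:05Z", "operation": 3, "_userid_value": "user-b", "objecttypecode": "contact"},
    {"createdon": "2024-03-01T02:17:30Z", "operation": 3, "_userid_value": "user-b", "objecttypecode": "contact"},
    {"createdon": "2024-03-01T10:00:00Z", "operation": 3, "_userid_value": "user-c", "objecttypecode": "account"},
    {"createdon": "2024-03-01T11:30:00Z", "operation": 3, "_userid_value": "user-c", "objecttypecode": "account"},
]

def parse_ts(value):
    """Parse the UTC timestamp format used in the sample rows."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def summarize(audits):
    """Return {user: {operation name: count}} for a quick per-user overview."""
    counts = defaultdict(lambda: defaultdict(int))
    for row in audits:
        name = OPERATIONS.get(row["operation"], "Other")
        counts[row["_userid_value"]][name] += 1
    return {user: dict(ops) for user, ops in counts.items()}

def delete_bursts(audits, threshold=3, window_minutes=5):
    """Return {user: start of first burst} where at least `threshold`
    deletes by one user fall inside `window_minutes`."""
    window = timedelta(minutes=window_minutes)
    per_user = defaultdict(list)
    for row in audits:
        if row["operation"] == 3:
            per_user[row["_userid_value"]].append(parse_ts(row["createdon"]))
    flagged = {}
    for user, times in per_user.items():
        times.sort()
        # Slide over sorted timestamps: compare the i-th delete with the
        # delete that is threshold-1 positions later.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged[user] = times[i]
                break
    return flagged
```

Tune the threshold and window to the environment's normal bulk-operation patterns before alerting on the result.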
Respond
Follow these steps to execute an effective response:
- Create a custom Logic App to handle your unique scenarios using Microsoft Sentinel SOAR.
- Modify the authorization settings for the Dataverse entity.
- M365 automations may be applicable in the case of an account compromise.
Additional Resources