Microsoft Dynamics 365 security

Dynamics 365 is the Microsoft cloud-based solution that unifies customer relationship management (CRM) and enterprise resource planning (ERP) capabilities.

Dynamics 365 security topics

Secure identity

Dynamics 365 relies on Azure Active Directory to provide authentication for user access, helping to protect Dynamics 365 from unauthorized access. It simplifies the management of users and groups, and enables you to assign and revoke privileges easily.

Dynamics 365 uses the same identity platform as Office 365, so a user of both services has the same username and password. Customers can federate an on-premises Active Directory or other directory stores to enable using corporate credentials to authenticate.

Secure apps and data

Dynamics 365 uses encryption to protect your data. Connections established between customers and Microsoft datacenters are encrypted, and all public endpoints are secured using industry-standard Transport Layer Security (TLS). TLS effectively establishes a security-enhanced browser-to-server connection to help ensure data confidentiality and integrity between desktops and datacenters.

We also provision you with your own logically isolated data repository to maximize the security and integrity of your data. And, when systems become outdated or are no longer operational, Microsoft operations personnel follow rigorous data-handling procedures and hardware disposal processes.

Secure infrastructure

Dynamics 365 is hosted in Microsoft datacenters and uses their security measures and mechanisms to protect data. Microsoft blocks unauthorized traffic to and within datacenters, using a variety of technologies. We constantly maintain, enhance, and verify the infrastructure, and employ regular penetration testing to continually validate the performance of security controls and processes.

Dynamics 365 is designed on the principles of the Security Development Lifecycle, a mandatory Microsoft process that embeds security requirements into every phase of development. The Dynamics 365 operations team also follows the rigorous standards set by Microsoft Operational Security Assurance to help protect customer data.

Role-based security

Dynamics 365 uses role-based security. Role-based security is aligned with the structure of the business. Users are assigned to security roles based on their responsibilities in the organization and their participation in business processes, and access is granted to these security roles rather than to individual users. Furthermore, the administrator grants access based on the duties the users perform in their roles, not to the program elements used by the users to fulfill their roles.

Threat management

To ensure that activities within the service are legitimate, and to detect breaches or attempted breaches, Dynamics 365 takes advantage of the cloud service infrastructure and security mechanisms. The Dynamics 365 environment deploys antimalware software that helps protect your infrastructure against online threats. Microsoft also provides intrusion detection, distributed denial-of-service (DDoS) attack prevention, and regular penetration testing to help validate security controls.

Physical security

Dynamics 365 is deployed in Microsoft datacenters, which are protected by defense-in-depth security that includes perimeter fencing, video cameras, security personnel, secure entrances, and real-time communications networks. The defense-in-depth security continues through every area of the facility and to each physical server unit. The Microsoft Cloud Infrastructure and Operations Group delivers the core infrastructure and foundational technologies for Dynamics 365. Our datacenters comply with industry standards for physical security and reliability and are managed, monitored, and administered by Microsoft operations personnel.

Contact Trust Center

Need help evaluating our products? Can’t find the information you need?

Looking for general technical support?

Contact Microsoft support