Events
Power BI DataViz World Championships
Feb 14, 4 PM - Mar 31, 4 PM
With 4 chances to enter, you could win a conference package and make it to the LIVE Grand Finale in Las Vegas
Learn moreThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Microsoft services adhere to data privacy and compliance requirements when they secure customer data by encrypting data at rest. This practice secures the data from being exposed if a copy of the database is stolen. When data encryption at rest is used, any stolen database data is protected from being restored to a different server without the encryption key.
By default, data is encrypted by using Microsoft-managed keys. However, if you want more control over your encryption keys, you can manage your own keys by using customer-managed keys (CMKs) instead. CMKs must be stored in Microsoft Azure Key Vault.
This article explains how to set up CMKs to control encryption keys for data at rest in finance and operations environments.
Important
You can enable enforcement of the CMK policy for finance and operations environments where Microsoft Power Platform integration is enabled). Finance and operations environments without Microsoft Power Platform integration will continue to use Microsoft-managed keys to encrypt their data.
After the CMK policy is enabled, it also applies to environment-specific resources, including SQL databases and Azure storage accounts. For details and exceptions across services, see the CMK support across finance and operations apps section later in this article.
To enable customer-managed keys for your finance and operations apps environment, follow these steps:
Enable the Microsoft Power Platform integration.
Note
If you set up integration with an existing Power Platform environment, CMKs shouldn't be enabled in that environment before integration. (Support for that scenario will be enabled in future.)
After Microsoft Power Platform integration is enabled, the environment name will be shown in the Power Platform environment information on the environment details page in Microsoft Dynamics Lifecycle Services. This name is also the name of your Dataverse organization. Make a note of the environment name, because you'll need it for the next steps.
Note
The name of your finance and operations environment might differ.
Enable CMKs in Microsoft Power Platform, and create an enterprise policy.
Add the environment that has the previously noted name to the enterprise policy.
Lifecycle Services might provide several add-ins for finance and operations environments that are integrated with Microsoft Power Platform. However, some add-ins provide only partial support, or no support, for CMKs. The following table describes the limitations that apply to various add-ins.
Add In | Status |
---|---|
Tax Calculation | Deployments of the Tax Calculation add-in that use the stand-alone Regulatory Configuration Service (RCS) don't support CMKs for the encryption of related resources. Support for CMKs is expected in late 2023, when RCS functionality is added to the finance and operations platform. |
Electronic Invoicing | Deployments of the Electronic Invoicing add-in that use stand-alone RCS don't support CMKs for the encryption of related resources. Support for CMKs is expected in late 2023, when RCS functionality is added to the finance and operations platform. |
All other add-ins | All other add-ins support CMK policies. |
Not all finance and operations apps support CMK policies. The following table describes the CMK support status of each app.
App | Status |
---|---|
Dynamics 365 Supply Chain Management | Finance and operations environments that are provisioned under Dynamics 365 Supply Chain Management support CMKs for the encryption of all environment-specific resources at rest. |
Dynamics 365 Human Resources | Dynamics 365 Human Resources installations that are provisioned via a finance and operations environment support CMKs for all environment-specific resources. The Human Resources stand-alone app doesn't support CMKs. To enable the use of CMKs, you must first use migration tooling to migrate your stand-alone Human Resources environment to a finance and operations environment. |
Dynamics 365 Finance | Finance and operations environments that are provisioned under Dynamics 365 Finance support CMKs for all environment-specific resources. Note: If you use RCS to complement your Dynamics 365 Finance environment, data that's managed under RCS environments doesn't currently support CMKs. Support for CMKs is expected in late 2023, when RCS functionality becomes available for finance and operations apps. |
Dynamics 365 Commerce | Finance and operations environments that are provisioned under Dynamics 365 Commerce support CMKs for all environment-specific resources except the e-commerce content management system (CMS) and recommendations. CMK support for the e-commerce CMS is expected to be enabled in the future. CMKs can't be applied to Commerce Scale Units, e-commerce, and ratings and reviews components that are located in a different geo than the finance and operations environment that CMKs are enabled for. |
Microsoft Dynamics Lifecycle Services | Data that you store in Lifecycle Services (such as file assets, methodologies, task recorder data, and any other project metadata) won't be encrypted by using CMKs. CMK support for Lifecycle Services metadata is expected sometime in the future. |
Demand planning app | Demand planning app for Dynamics 365 Supply Chain Management doesn't fully support CMKs. Full CMK support is expected sometime in the future. |
Events
Power BI DataViz World Championships
Feb 14, 4 PM - Mar 31, 4 PM
With 4 chances to enter, you could win a conference package and make it to the LIVE Grand Finale in Las Vegas
Learn moreTraining
Learning path
Implement finance and operations apps - Training
Plan and design your project methodology to successfully implement finance and operations apps with FastTrack services, data management and more.
Certification
Microsoft Certified: Dynamics 365: Finance and Operations Apps Developer Associate - Certifications
Implement and extend finance and operation apps in Microsoft Dynamics 365.