Success by design security checklist for key activities in application security
Privacy and compliance
Done? | Task |
---|---|
✓ | Understand the responsibilities of the service provider as a data processor and the customer responsibilities as the owner and data controller. Make sure both sides comply with the relevant laws and regulations. |
✓ | Review the Dynamics 365 cloud service agreements and compliance documentation. Learn about the policies and procedures for handling data, disaster recovery, data residency, and encryption. |
Identity and access
Done? | Task |
---|---|
✓ | Create an identity management strategy that covers user access, service accounts, application users, federation requirements for single sign-on, and conditional access policies. |
✓ | Create administrative access policies for different admin roles on the platform, such as service admin and Microsoft 365 admin. |
✓ | Apply and follow the relevant data loss prevention policies and procedures to make changes or request exceptions. |
✓ | Have the necessary controls to manage access to specific environments. |
Application security
Done? | Task |
---|---|
✓ | Understand the app-specific security features and use the native access control mechanisms instead of customizing the build. |
✓ | Understand that hiding information from the view doesn't remove access. There are other ways to access and extract information. |
✓ | Understand the impact of losing the security context when you export the data. |
✓ | Optimize the security model for performance and scalability by following the security model best practices. |
✓ | Have a process to map changes in the organization structure to the security model in Dynamics 365. Do it carefully and sequentially to avoid unwanted cascading effects. |
Next steps
- Learn about security controls in Dynamics 365
- Learn about security features in customer engagement apps
- Learn about security features in Power Pages
- Learn about security features in finance and operations apps
- Learn how to make security a priority from day one
피드백
https://aka.ms/ContentUserFeedback
출시 예정: 2024년 내내 콘텐츠에 대한 피드백 메커니즘으로 GitHub 문제를 단계적으로 폐지하고 이를 새로운 피드백 시스템으로 바꿀 예정입니다. 자세한 내용은 다음을 참조하세요.다음에 대한 사용자 의견 제출 및 보기