Manage system access and security overview

Applies to: Dynamics 365

This article describes the importance of managing system access and security when you operate Dynamics 365 products.  

Management of system access and security in Dynamics 365 is paramount for organizations that aim to maintain operational integrity, protect sensitive data, and comply with regulatory requirements. As a cloud-based solution from Microsoft, Dynamics 365 offers robust tools and frameworks to ensure that system compliance is aligned with legal, contractual, and corporate standards. This article delves into critical aspects of managing system access and security in Dynamics 365, and highlights the roles and responsibilities of key stakeholders across the organization.

Ensuring the security of Dynamics 365 implementations is essential not only for safeguarding organizational data but also for maintaining trust with stakeholders. Define clear security policies, apply policies, and regularly audit user access and permissions to mitigate risks that are associated with data breaches and unauthorized access.

Dynamics 365 operates within the Microsoft Trusted Cloud, which is built on the foundational principles of security, privacy, compliance, and transparency. The shared responsibility model between Microsoft and its customers ensures that both parties actively contribute toward maintaining system integrity and data protection.

Stakeholders

Effective management of system access and security within Dynamics 365 requires coordinated efforts from various stakeholders across the organization:

• Executive leadership: Chief executive officers (CEOs), chief financial officers (CFOs), and chief information officers (CIOs) provide strategic oversight and align system security initiatives with broader organizational goals. Their guidance ensures that resources are effectively allocated, and that security measures support business resilience.
• IT management: This group includes CIOs, IT directors, and IT managers. It plays a pivotal role in implementing technical security measures and integrating IT resources with overall organizational resilience strategies.
• Data protection officers (DPOs)/privacy officers: These stakeholders focus on data privacy and protection, and ensure that Dynamics 365 compliance measures are aligned with relevant privacy laws. They manage data protection strategies and privacy impact assessments, and act as liaisons with data protection authorities.
• Security officers/information security managers: Chief information security officers (CISOs) and information security managers are responsible for safeguarding systems and data against potential threats. They develop security policies, conduct risk assessments, and oversee incident response procedures.
• Quality assurance (QA) and testing team: QA managers and test engineers validate security measures through rigorous testing of system functionality and configurations. They identify and address compliance issues to ensure that Dynamics 365 implementations meet regulatory requirements.
• Business process owners/functional leads: These stakeholders define the security requirements that are needed to run business processes within Dynamics 365.
• Internal auditors/audit committee: Internal auditors and audit committee members provide independent assurance of governance, risk management, and compliance. They assess the effectiveness of the security setup and recommend improvements.

Manage system access and security process flow

The following diagram illustrates the manage system access and security business process area.

Each solid gray rectangle on the diagram represents an end-to-end business process. The solid blue rectangle represents the business process area. The diagram shows the subprocesses for the business process area. The arrows on the diagram show the flow of the business process in an organization. If a subprocess can lead to more than one other subprocess, the parallel subprocesses are shown as branches.

1. Start

2. Administer to operate

3. Manage system access and security, which has 10 substeps:

   1. Review access policies: Review the security and access policies that were defined during implementation, to ensure that the existing policies are adequate. Make any necessary changes.
   2. Onboard new users: Create new user accounts, and assign the appropriate permissions to them on an ongoing basis.
   3. Update user access: Update existing user access as needed, to ensure that daily activities can be completed.
   4. Revoke user access: Remove access from users when they no longer need it.
   5. Delete users: Remove user accounts that are no longer needed.
   6. Review audit logs: Review audit logs to ensure that security policies are being adhered to.
   7. Manage service accounts and certificates: Review permissions on service accounts to ensure that only necessary permissions are assigned, and that credentials are still secure. Rotate certificates to prevent issues with expiry.
   8. Manage data security: Review the data landscape to ensure that only necessary staff can access sensitive data.
   9. Manage authentication: Review authentication methods, and ensure that they are up to date with current system requirements.
   10. Manage encryption

4. End

The diagram also includes business processes on each side.

• On the left side:

  • Acquire to dispose
  • Case to resolution
  • Concept to market
  • Design to resolution
  • Forecast to plan
  • Hire to retire
  • Inventory to deliver

• On the right side:

  • Order to cash
  • Plan to produce
  • Procure to pay
  • Project to profit
  • Prospect to quote
  • Record to report
  • Service to cash

These business processes are related to the steps for managing system access and security in the center of the diagram. However, they aren't directly part of the sequential flow that is described.

In addition, the two large, curved arrows indicate that the process is iterative.

All end-to-end business processes are shown on the left and right sides because management of system access and security is an integral part of all business processes.

Manage system access and security benefits

There are many key benefits that can be used to monitor and measure the success of implementing technology to support the management of system access and security. The following sections outline the key benefits that an organization might monitor and measure for the manage system access and security business process area.

Enhanced data security and privacy

Dynamics 365 provides robust security features, including data encryption and access controls, to ensure that sensitive information is protected. These features help organizations comply with regulations such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA). They also help safeguard customer data against breaches and unauthorized access.

Real-time monitoring and alerts

Dynamics 365 provides real-time monitoring and alerts for potential compliance issues. Therefore, organizations can promptly address issues and reduce the likelihood of noncompliance and fines.

Comprehensive documentation and audit trails

Dynamics 365 maintains detailed records and audit trails of compliance-related activities. These features support audit readiness and transparency, and make it easier for organizations to demonstrate compliance to regulators and stakeholders.

Next steps

If you want to implement Dynamics 365 solutions to assist with your manage system access and security business processes, you can use the following resources and steps to learn more. (Links are added, when the articles are ready.)

1. Define a business continuity plan
2. Manage licensing and entitlements
3. Administer system features
4. Manage system access and security (the article that you're currently reading)
5. Train users and increase adoption
6. Monitor systems, environments, and capacity
7. Manage background jobs
8. Manage notifications alerts
9. Uptake software releases
10. Manage data synchronization
11. Manage system compliance
12. Support systems

Related resources

You can use the following resources to learn more about the manage system access and security process in Dynamics 365.

• Secure your Dynamics 365 data and apps
• Protect your data with Dynamics 365 security controls
• Security capabilities for finance and operations apps

Contributors

This article is maintained by Microsoft. It was originally written by the following contributors.

Principal author:

• Phillip Seaton | Senior Solutions Architect

Other contributors:

• Harsh Birla | Principal Solutions Architect
• Rachel Profitt | Principal Program Manager
• Pedro Ramalhinho | Senior Solutions Architect