What security does Dynamics 365 Business Central offer?

If you are considering starting Microsoft Dynamics 365 Business Central in its Software as a Service (SaaS) mode or migrating to this version of the product, you may be wondering what security guarantees it offers you. In terms of security, how does Business Central support your digital transformation strategy?

From Triangle we like to throw some questions on the air: Do you really think you can invest more in security than Microsoft itself? Do you think you can protect your data better against an attack than Microsoft? As Microsoft CEO Satya Nadella said, “Businesses and users will only adopt technology if they can trust it.”

It is for this reason that we will now list what features Business Central incorporates in terms of security.

Meet Microsoft Azure

Dynamics 365 Business Central, as well as the rest of Microsoft’s cloud products, are hosted in Microsoft’s own cloud known as Azure. These Data Centers are located in various parts of the world and, in addition, there are always two replicas of your database, in case something happens to a Data Center. Your database will be hosted will depend on the Microsoft product you are using and your geographic location. Of course, as a general rule your data will not be transferred outside the geographical area selected in the implementation.

The databases are protected with automatic backups that are kept for 14 days and are also carried out:

  • Full database backups: weekly
  • Differential Database Backups: every hour
  • Transaction log backups: every 5 minutes.

On the other hand, Microsoft has an internal division aimed at reviewing and improving cybersecurity and cyber defense processes and investing over $ 1 trillion to this end.

Some of the security features of Microsoft Azure are:


Dynamics 365 Business Central SaaS uses the Azure AD authentication method.


Azure uses encryption protocols to protect your data. For example, backups will always be encrypted.


Azure is protected with Microsoft multi-factor authentication. This is a two-step authentication process that adds a second extra layer of security at logins and transactions.

Business Central Security

In the configuration process of Business Central there are some settings that will allow you to control the security of data access through:

[unordered_list style=’circle’ number_type=’circle_number’ animate=’no’ font_weight=”]

  • User roles: These are security privileges that, depending on the role assigned to each user, will allow you to perform a series of actions and define your access to the data. To avoid inconsistencies of authorizations and permits in large organizations, from Triangle we recommend the use of 2-Control.


Thanks to user roles, application administrators can control precisely what actions each user and each department can take. By default, Business Central proposes a series of roles such as marketing manager, system administrator and accounting title, among others.

[unordered_list style=’circle’ number_type=’circle_number’ animate=’no’ font_weight=”]

  • Access rights: based on the role system, access rights mark which entities that user has access to. It may be that a finance person can access purchases, but not vice versa. Access rights allow such combinations.
  • User privileges: Finally, we can define what privileges that user will have in terms of records. We can define whether you can create, read, write, delete, append, assign and / or share. This can be useful, for example, to define that all commercials have access to all customer records but can only edit or delete those of the customers they manage directly.
  • User sessions: By default, sessions have a 24-hour time-out to disconnect, but you can add an extra layer of protection and reduce the time in which users will have to log in again after idle time.
  • Audit of the changes: Business Central stores the information of all the changes that are made in the system. In this way, the application administrator can trace what changes the user has made. You can monitor, among others, the time that a user has accessed certain information, if records have been deleted and any type of update in the system.


Who can access my data?

You are the owner of your data and, therefore, you can access them whenever you consider it necessary. In addition, you can make copies whenever you deem it convenient without notifying Microsoft. In that sense, if one day you decide to cancel your subscription to the tool you will have your data available for 90 days for its extraction.

After this period, Microsoft will delete all your records and your history and you will no longer be able to access that database.

In case that a problem arises and you need help, Microsoft or any of the subcontracted companies, you can grant access to your data so that they can offer you support.

Although it is a SaaS service and you share the platform and servers with other users, that does not mean that they will have access to your data. Microsoft isolates your data to protect them from improper access.

From Triangle we would like to convey the confidence that the cloud is a safe environment, and we hope this blog has helped eliminate any concerns you may have regarding security concerns of the SaaS environment of Dynamics 365 Business Central. Do not hesitate to contact us if there are any doubts to resolve or if you want to explore this implementation option for your company.

You may also like:

Posts relacionados