Success by design security checklist for key activities in application security
Privacy and compliance
Done? | Task |
---|---|
✓ | Understand the responsibilities of the service provider as a data processor and the customer responsibilities as the owner and data controller. Make sure both sides comply with the relevant laws and regulations. |
✓ | Review the Dynamics 365 cloud service agreements and compliance documentation. Learn about the policies and procedures for handling data, disaster recovery, data residency, and encryption. |
Identity and access
Done? | Task |
---|---|
✓ | Create an identity management strategy that covers user access, service accounts, application users, federation requirements for single sign-on, and conditional access policies. |
✓ | Create administrative access policies for different admin roles on the platform, such as service admin and global admin. |
✓ | Apply and follow the relevant data loss prevention policies and procedures to make changes or request exceptions. |
✓ | Have the necessary controls to manage access to specific environments. |
Application security
Done? | Task |
---|---|
✓ | Understand the app-specific security features and use the native access control mechanisms instead of customizing the build. |
✓ | Understand that hiding information from the view doesn't remove access. There are other ways to access and extract information. |
✓ | Understand the impact of losing the security context when you export the data. |
✓ | Optimize the security model for performance and scalability by following the security model best practices. |
✓ | Have a process to map changes in the organization structure to the security model in Dynamics 365. Do it carefully and sequentially to avoid unwanted cascading effects. |
Next steps
- Learn about security controls in Dynamics 365
- Learn about security features in customer engagement apps
- Learn about security features in Power Pages
- Learn about security features in finance and operations apps
- Learn how to make security a priority from day one
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for