Microsoft Business Central Security

Introduction

The standard for logistics, your industry. Whatever part of logistics you operate in, there should be no doubt about the importance of processes and information flows. Because not only your business operations but also those of your customers stand or fall with your IT solution. That is why we, in collaboration with Microsoft, developed the future-proof industry standard for 3PL. From Transport and Warehouse Management to Freight Forwarding, Finance, and ERP.

The core of the solutions is Microsoft Business Central. Microsoft Busieniss Central was launched in April 2018 and has since onboarded more than 30,000 customers working in professional services, consumer goods, manufacturing, retail, health, hospitality, transport and logistics, finance, and dozens more industries. It has become a mature, battle-tested solution that understands the intricacies of modern business operations in the areas of security, scalability, performance, resilience, and high availability.

The team that develops the Business Central product itself is the same team responsible for running and managing the Business Central online service. They have first-hand knowledge of all its components.

The service is built from the ground up as a multitenant service, comprised of multiple microservices running on the Microsoft Azure cloud ecosystem. It's built on leading technologies such as React, TypeScript, .NET Core, Azure OpenAI, Microsoft Entra, Azure Functions, Containers, Load Balancer, Virtual Machine Scale Sets, Azure Cosmos DB, Key Vault, Service Bus, Traffic Manager, Azure SignalR Service, WebSockets, and many more.

In this article, we will explain the security features of Microsoft Business Central in a public SaaS environment. The infrastructure for Business Central includes servers, storage, networking, and security components. These components are designed to be highly scalable, reliable, and secure to meet the needs of businesses of all sizes.

Some of the key infrastructure components of Microsoft Business Central include:

1. Azure Cloud Platform: Microsoft Business Central is hosted on the Azure cloud platform, which provides a highly scalable and reliable infrastructure for cloud-based applications. Business Central online is running globally in more than 170 countries/regions, out of 21 Microsoft Azure regions, and new countries/regions go live on a quarterly basis.

   Tip

   More information regarding Country/regional availability can be found here.

2. Data Centers: Microsoft operates data centers around the world to provide a high level of availability and redundancy for Business Central users. Microsoft's data centers are designed to be highly resilient, with multiple layers of redundancy built-in to ensure that Business Central is always available to users.

3. Security: Security is a top priority for Microsoft, and Business Central is designed with built-in security features to protect against cyber threats. These features include role-based access control, data encryption, and multi-factor authentication. Microsoft also regularly monitors its infrastructure for potential security threats and implements updates and patches to address any vulnerabilities.

4. Integration: Microsoft Business Central integrates with other Microsoft applications, including Office 365, Power BI, Copilot, and Dynamics 365. This integration enables users to access data and insights from these applications directly within Business Central, making it easier to manage business processes and make data-driven decisions.

5. Mobile Access: Business Central can be accessed through mobile devices, including smartphones and tablets, using the Business Central mobile app. The app enables users to access critical business information from anywhere, at any time, making it easier to manage their operations and finances on the go.

Overall, the infrastructure of Microsoft Business Central is designed to provide a secure, reliable, and scalable platform for businesses to manage their operations and finances in the cloud.

More in Depth

Most of the information regarding Business Central is widely available. However, we understand that it is sometimes hard to find the correct information among all the information available. That's why we summarized a few links to documents related to Business Central.

Built Upon a Foundation of Trust, Security, and Compliance

On the Service Trust site, you can review the available independent audit reports for Microsoft cloud services. Find information about compliance with data protection standards and regulatory requirements:

• International Organization for Standardization (ISO)
• Service Organization Controls (SOC)
• International privacy standards

For example, you can find audit reports and certifications for ISO 27001, ISO 27018, or the SOC 2 Type II reports. Compliance with these regulations ensures that your data is stored securely and that your business remains compliant with relevant regulations.

Tip

More information regarding compliance can be found here: Compliance Overview, Service Trust Site.

Encryption

Encryption is the process of converting data into a form that is unreadable without a decryption key. Microsoft Business Central uses encryption to protect all data stored in its system. The encryption keys are managed by Microsoft, and access to them is tightly controlled.

Microsoft also uses Transport Layer Security (TLS) encryption to secure data in transit. TLS is a widely adopted protocol that ensures data transmitted between servers and clients is secure.

Tip

More information regarding encryption can be found here.

Access Control

Access control is the process of ensuring that only authorized individuals have access to sensitive data. Microsoft Business Central uses role-based access control (RBAC) to manage user access. RBAC allows administrators to assign roles to users, and each role comes with a set of permissions that dictate what the user can and cannot do within the system.

In addition to RBAC, Microsoft Business Central also supports multi-factor authentication (MFA). MFA is an extra layer of security that requires users to provide two or more forms of authentication before accessing the system. This significantly reduces the risk of unauthorized access to the system.

Tip

More information regarding access control can be found here.

Data Backup and Recovery

Backup

Data backup and recovery is an essential aspect of data security. Microsoft Business Central regularly backs up all data stored in its system to ensure that it can be recovered in the event of a data loss. Microsoft also offers disaster recovery options to customers to ensure their data is protected even in the event of a catastrophic event.

Databases are protected by automatic backups that are kept for 28 days. The backup includes data from any production and sandbox environments that the database contains. Administrators of a Business Central tenant can't directly access or manage these backups because they're managed automatically by Microsoft. However, admins can restore their environments to a specific point in time in the past using the Business Central admin center.

Tip

More information regarding backup can be found here: How often are production databases backed up?, Databases and backups, Automated backups in Azure SQL Database.

Recovery

As an administrator, you can restore an existing environment from a time in the past, within the retention period that applies to production environments.

Database backups are an essential part of any business continuity and disaster recovery strategy, as they protect your data from corruption or deletion. Business Central online uses Azure SQL Database as the underlying database backup technology for its environments. All databases are protected by automated backups that are continuously created and maintained by the Azure SQL service.

Permission to restore environments is limited to specific types of users: internal and delegated administrators. The following users are allowed to restore environments:

• Delegated administrators from reselling partners
• Administrators from the organization that subscribes to Business Central online

Tip

More information regarding restoring environments can be found here: Restoring an Environment in the Admin Center. Or you can read more about Business continuity and disaster recovery (BCDR) here: Business continuity and disaster recovery.

Security

A business solution must have a built-in security system that helps protect your database and the information it contains from unauthorized access. It must also allow you to specify what authenticated users are allowed to do in the database, such as what data they can read and modify.

Tip

If you want to have more control within Business Central, more information can be found here: Security in Business Central.

High Availability Through Geographical Redundancy

Each Business Central environment is also protected by automatic geo-redundant backups. If a region experiences a full outage, Azure restores your data from the backup in another Azure region within the same Azure geography.

Business Central is also designed with built-in redundancy, autoscaling, and automatic load-balancing capabilities for its compute resources. To remain available if one or more of its compute instances fail, Business Central runs on other instances.

Tip

More information regarding high availability through geographical redundancy can be found here: Automated backups in Azure SQL Database. Or you can read more about Azure availability zones here.

Microsoft SLA

Business Central online is governed under the Modern Lifecycle Policy. The service level agreement terms are described in the document that you can download from the Service Level Agreements for Microsoft Online Services section on the Licensing terms page.

Lifecycle Policy

Business Central online is governed by the Microsoft Modern Lifecycle Policy, which means continuous service updates and a major update every six months. For more information see our Life cycle policy.

Customer Responsibilities

While Microsoft Business Central provides robust security features, it is still essential for customers to take measures to ensure the security of their data. This includes:

• Using strong and unique passwords for all user accounts
• Regularly monitoring user activity within the system
• Limiting user access to only what is necessary for their role

Tip

More information regarding application security can be found here: Application Security in Business Central.

How Does Boltrics Ensure the Legal Data Retention Requirements for Customer Data?

Boltrics is not responsible for the data. This falls under the responsibility of the customer. Data can be archived and deleted, but this is up to the customer's discretion. There are different options:

• Boltrics Cleanup Setup is available to set up retention on each table.
• Microsoft Retention Policy table, for more information click here.
• Create database export and store them on your own hardware annually, for more information click here.

Logging

• For every modification made to a record, the "Last Modified By" and "Last Modified On" datetime are logged.
• Logging of status changes can be enabled, providing information about each status transition.
• The creation of each new record is logged, including the "Created By" and "Created On" details.
• For customs goods, a separate order type can be used, allowing for more granular rights and permissions to be set. This includes determining who has the authority to perform specific status changes or bookings (status template).

Technical Validation Checklist

Before Boltrics can release code in a SaaS production environment, all code is checked. What Microsoft is checking, you can find here.

Other Articles Regarding Business Central

• Service overview for Business Central Online (SaaS)
• Operational Limits
• Performance

The general information page regarding Business Central can be found here.

Conclusion

Microsoft Business Central provides robust security features to ensure the security of your data in a public SaaS environment. However, customers must also take measures to ensure the security of their data. By implementing strong access control policies, regularly monitoring user activity, and keeping the system up to date, customers can ensure that their data remains secure in Microsoft Business Central.

Disclaimer

Boltrics Learn (learn.boltrics.com) contains references and/or hyperlinks to Microsoft websites or websites of others and information derived or based on information from those websites. Responsibility for the content and availability of these websites lies with the operators of those websites. Boltrics gives no warranty and assumes no liability in relation to (the use of) such information and websites and/or for non-Boltrics products, including Microsoft extensions. Microsoft and/or Boltrics may make improvements and/or changes to their respective product(s) or the information about their products as described on their respective websites. The information on Boltrics Learn is selected or prepared in good faith and included for the information of Boltrics Learn users. Changes are periodically made to the information on this website. Errors cannot always be avoided. No rights whatsoever may therefore be derived from the information provided, which is intended for personal use only. Boltrics accepts no liability for damage resulting in any way from changes made by Microsoft to the Microsoft products as described on its website(s) or Boltrics Learn, as well as on the impact of these changes on Boltrics products, including services, product information, websites, software, software extensions and/or servers of Boltrics. Boltrics makes no representations or communications on behalf of Microsoft.