Microsoft Business Central security
Introduction
The standard for logistics, your industry. Whatever part of logistics you operate in, there should be no doubt about the importance of processes and information flows. Because not only your business operations but also those of your customers stand or fall with your IT solution. That is why we developed the future-proof industry standard for 3PL. From Transport and Warehouse Management to Freight Forwarding, Finance, and ERP. Microsoft Business Central is a cloud-based solution. As with any cloud-based software, there are concerns about the security of the data stored in Microsoft Business Central, especially when it is deployed in a public software-as-a-service (SaaS) environment.
In this article, we will explore the security features of Microsoft Business Central in a public SaaS environment. The infrastructure for Business Central includes servers, storage, networking, and security components. These components are designed to be highly scalable, reliable, and secure to meet the needs of businesses of all sizes.
Some of the key infrastructure components of Microsoft Business Central include:
Azure Cloud Platform: Microsoft Business Central is hosted on the Azure cloud platform, which provides a highly scalable and reliable infrastructure for cloud-based applications.
Data Centers: Microsoft operates data centers around the world to provide a high level of availability and redundancy for Business Central users. Microsoft's data centers are designed to be highly resilient, with multiple layers of redundancy built-in to ensure that Business Central is always available to users.
Security: Security is a top priority for Microsoft, and Business Central is designed with built-in security features to protect against cyber threats. These features include role-based access control, data encryption, and multi-factor authentication. Microsoft also regularly monitors its infrastructure for potential security threats and implements updates and patches to address any vulnerabilities.
Integration: Microsoft Business Central integrates with other Microsoft applications, including Office 365, Power BI, and Dynamics 365. This integration enables users to access data and insights from these applications directly within Business Central, making it easier to manage business processes and make data-driven decisions.
Mobile Access: Business Central can be accessed through mobile devices, including smartphones and tablets, using the Business Central mobile app. The app enables users to access critical business information from anywhere, at any time, making it easier to manage their operations and finances on the go.
Overall, the infrastructure of Microsoft Business Central is designed to provide a secure, reliable, and scalable platform for businesses to manage their operations and finances in the cloud.
More in depth
Most of the information regarding Business Central is widely available. However, we understand that it is sometimes hard to find the correct information among everything that is available. That's why we have collected a few links to documents related to Business Central.
Encryption
Encryption is the process of converting data into a form that is unreadable without a decryption key. Microsoft Business Central uses encryption to protect all data stored in its system. The encryption keys are managed by Microsoft, and access to them is tightly controlled.
Microsoft also uses Transport Layer Security (TLS) encryption to secure data in transit. TLS is a widely adopted protocol that ensures data transmitted between servers and clients is secure.
Tip
More information regarding encryption can be found here.
Access Control
Access control is the process of ensuring that only authorized individuals have access to sensitive data. Microsoft Business Central uses role-based access control (RBAC) to manage user access. RBAC allows administrators to assign roles to users, and each role comes with a set of permissions that dictate what the user can and cannot do within the system.
In addition to RBAC, Microsoft Business Central also supports multi-factor authentication (MFA). MFA is an extra layer of security that requires users to provide two or more forms of authentication before accessing the system. This significantly reduces the risk of unauthorized access to the system.
Tip
More information regarding access control can be found here.
Data Backup and Recovery
Backup
Data backup and recovery is an essential aspect of data security. Microsoft Business Central regularly backs up all data stored in its system to ensure that it can be recovered in the event of a data loss. Microsoft also offers disaster recovery options to customers to ensure their data is protected even after a catastrophic event.
Databases are protected by automatic backups that are kept for 28 days. The backup includes data from any production and sandbox environments that the database contains. Administrators of a Business Central tenant can't directly access or manage these backups because they're managed automatically by Microsoft. But admins can restore their environments to a specific point in time in the past using the Business Central admin center.
Tip
More information regarding backup can be found here: How often are production databases backed up?, databases and backups, Automated backups in Azure SQL Database.
Recovery
As an administrator, you can restore an existing environment from a time in the past, within the retention period that applies to both production and sandbox environments.
Database backups are an essential part of any business continuity and disaster recovery strategy, because they protect your data from corruption or deletion. Business Central online uses Azure SQL Database as the underlying database backup technology for its environments. All databases are protected by automated backups that are continuously created and maintained by the Azure SQL service.
Permission to restore environments is limited to specific types of users: internal and delegated administrators. The following users are allowed to restore environments:
- Delegated administrators from reselling partners
- Administrators from the organization that subscribes to Business Central online
Tip
More information regarding restoring environments can be found here: Restoring an Environment in the Admin Center.
Compliance
Microsoft Business Central is compliant with several industry-standard regulations, including General Data Protection Regulation (GDPR), Sarbanes-Oxley Act (SOX), and Payment Card Industry Data Security Standard (PCI DSS). Compliance with these regulations ensures that your data is stored securely and that your business remains compliant with relevant regulations.
Tip
More information regarding compliance can be found here: Compliance Overview.
Security
A business solution must have a built-in security system that helps protect your database, and the information that it contains, from unauthorized access. It must also allow you to specify what authenticated users are allowed to do in the database, such as what data they can read and modify.
If you want more control within Business Central, we advise looking for more information here.
Microsoft SLA
You can find Microsoft's Service Level Agreements for Microsoft Online services here.
Customer Responsibilities
While Microsoft Business Central provides robust security features, it is still essential for customers to take measures to ensure the security of their data. This includes:
- Using strong and unique passwords for all user accounts
- Regularly monitoring user activity within the system
- Limiting user access to only what is necessary for their role
Tip
More information regarding application security can be found here: Application Security in Business Central.
How does Boltrics ensure the legal data retention requirements for customer data?
Boltrics is not responsible for the data. This falls under the responsibility of the customer. Data can be archived and deleted, but this is up to the customer's discretion. There are different options:
- Boltrics Cleanup Setup is available to set up retention on each table.
- Microsoft Retention Policy table; for more information click here.
- Create database exports and store them on your own hardware annually; for more information click here.
Logging
For every modification made to a record, the "Last Modified By" and "Last Modified On" datetime are logged.
Logging of status changes can be enabled, providing information about each status transition.
The creation of each new record is logged, including the "Created By" and "Created On" details.
For customs goods, a separate order type can be used, allowing for more granular rights and permissions to be set. This includes determining who has the authority to perform specific status changes or bookings (status template).
Technical Validation Checklist
Before Boltrics can release code in a SaaS production environment, all code is checked. What Microsoft checks can be found here.
Other articles regarding Business Central
The general information page regarding Business Central can be found here.
Conclusion
Microsoft Business Central provides robust security features to ensure the security of your data in a public SaaS environment. However, customers must also take measures to ensure the security of their data. By implementing strong access control policies, regularly monitoring user activity, and keeping the system up to date, customers can ensure that their data remains secure in Microsoft Business Central.
Disclaimer
Boltrics Learn (learn.boltrics.com) contains references and/or hyperlinks to Microsoft websites or websites of others and information derived or based on information from those websites. Responsibility for the content and availability of these websites lies with the operators of those websites. Boltrics gives no warranty and assumes no liability in relation to (the use of) such information and websites and/or for non-Boltrics products, including Microsoft extensions. Microsoft and/or Boltrics may make improvements and/or changes to their respective product(s) or the information about their products as described on their respective websites. The information on Boltrics Learn is selected or prepared in good faith and included for the information of Boltrics Learn users. Changes are periodically made to the information on this website. Errors cannot always be avoided. No rights whatsoever may therefore be derived from the information provided, which is intended for personal use only. Boltrics accepts no liability for damage resulting in any way from changes made by Microsoft to the Microsoft products as described on its website(s) or Boltrics Learn, as well as on the impact of these changes on Boltrics products, including services, product information, websites, software, software extensions and/or servers of Boltrics. Boltrics makes no representations or communications on behalf of Microsoft.