For those embracing Dynamics 365 Business Central for their organisation’s financial operations, it's easy to take its always-on, cloud-based convenience for granted. But as cyber threats grow more sophisticated and data compliance becomes non-negotiable, security can’t be left to chance—even in the cloud.
While Microsoft provides a strong security foundation, the responsibility for keeping your Business Central environment secure doesn’t end there. Fortunately, as a Microsoft partner and a team of Business Central experts, we support our clients with their security needs. We know that now is the perfect time to review your security posture and take action where needed.
Why security still matters in the cloud
The cloud brings enormous advantages—automatic updates, improved resilience, and remote accessibility—but it also introduces new risks. Business Central is part of Microsoft’s secure infrastructure, but under the shared responsibility model, your organisation still owns key aspects of configuration, access, and data protection.
If your team hasn’t reviewed permissions, backup processes, or mobile access policies lately, here’s your reminder: today’s convenience should never come at the cost of tomorrow’s security.
Six areas you should be reviewing now:
1. Access and authentication: Who is in your system?
- Enforce multi-factor authentication (MFA) for all users, especially administrators.
- Review user permissions to ensure people only have access to what they need.
- Use Azure AD Conditional Access policies to apply extra scrutiny to high-risk logins or external devices.
- Audit guest users and external collaborators: are they still active, or even needed?
Your users may have changed roles or left; has your access control changed with them?
2. Data security: What is protected, and how?
- Microsoft encrypts data at rest and in transit, but are you classifying and labelling sensitive data internally?
- Consider additional backup layers: while Microsoft manages infrastructure-level recovery, a data export strategy helps you retain control.
- Test your recovery processes. A backup that hasn’t been tested isn’t a backup you can rely on.
3. Integration security: Are third-party apps a backdoor?
- Business Central integrates easily with Power Platform, APIs, and marketplace extensions, but every connection adds risk.
- Use service accounts with minimum permissions for Power Automate flows and third-party apps.
- Review and log API activity, and don’t forget to audit inactive or unused integrations.
4. Monitoring and alerts: Are you watching?
- Enable audit trails for key actions like permission changes, logins, and large data exports.
- Use Azure Security Center and Microsoft Defender for Business to monitor suspicious behaviour.
- Consider linking logs to a SIEM system to detect threats across your IT ecosystem.
5. AI and threat detection: Can you see what is coming?
- Use Microsoft Defender for Cloud to detect unusual activity and prioritise real threats based on AI-driven analysis.
- Integrate Microsoft Sentinel to analyse patterns across your ERP and broader IT environment.
- Leverage behavioural analytics to spot anomalies like unusual login times, unexpected data exports, or compromised accounts before they escalate.
AI-powered security tools are reshaping how organisations detect and respond to risks. Microsoft is embedding AI into many of its offerings, helping you stay ahead of evolving threats.
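The checks named in sections 4 and 5 (permission changes, unusual login times, unexpectedly large data exports) can be sketched in a few lines. This is an added example, not code from the original article or from any Microsoft product; the event field names, thresholds and business hours are assumptions, and the sample events are constructed.

```python
from datetime import datetime
from statistics import median

# Constructed sample events; field names are assumptions, not a Business Central schema.
EVENTS = [
    {"ts": "2025-03-03T09:12:00", "user": "amy", "action": "login", "rows": 0},
    {"ts": "2025-03-03T09:30:00", "user": "amy", "action": "export", "rows": 400},
    {"ts": "2025-03-04T10:05:00", "user": "amy", "action": "export", "rows": 520},
    {"ts": "2025-03-05T11:40:00", "user": "amy", "action": "export", "rows": 450},
    {"ts": "2025-03-06T02:47:00", "user": "amy", "action": "login", "rows": 0},
    {"ts": "2025-03-06T02:55:00", "user": "amy", "action": "export", "rows": 98000},
    {"ts": "2025-03-06T14:20:00", "user": "raj", "action": "permission_change", "rows": 0},
    {"ts": "2025-03-06T15:00:00", "user": "raj", "action": "export", "rows": 120},
]

WORK_HOURS = range(7, 19)   # assumed local business hours, 07:00-18:59
EXPORT_FACTOR = 10          # flag exports over 10x the user's own median
EXPORT_FLOOR = 5000         # with no history, flag exports above this row count

def review(events):
    """Return (timestamp, user, reason) findings for events worth a human look."""
    findings, history = [], {}
    for e in sorted(events, key=lambda e: e["ts"]):
        ts, user, action = datetime.fromisoformat(e["ts"]), e["user"], e["action"]
        if action == "permission_change":
            findings.append((e["ts"], user, "permission change"))
        elif action == "login" and ts.hour not in WORK_HOURS:
            findings.append((e["ts"], user, "login outside business hours"))
        elif action == "export":
            past = history.setdefault(user, [])
            # Baseline is the user's own earlier exports, not a global number.
            limit = EXPORT_FACTOR * median(past) if past else EXPORT_FLOOR
            if e["rows"] > limit:
                findings.append((e["ts"], user, f"export of {e['rows']} rows exceeds {limit:g}"))
            else:
                past.append(e["rows"])  # only normal exports feed the baseline
    return findings

if __name__ == "__main__":
    for finding in review(EVENTS):
        print(*finding, sep=" | ")
```

Keeping flagged exports out of the baseline stops one large extraction from raising the threshold for the next one.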
6. Compliance and mobile access: Where is your data going?
- Understand your data residency: where is your Business Central data stored, and does it align with your regulatory obligations?
- Implement mobile device policies that protect data accessed via mobile apps (e.g., PINs, timeouts, remote wipe).
- Stay ahead of regulations like GDPR, SOX, and PCI DSS, as well as any industry-specific obligations.
Quick wins you can action today:
Here’s a shortlist to get your Business Central security on stronger footing:
- Require MFA for all users.
- Review current permissions and remove unnecessary access.
- Enable and regularly review audit logs.
- Apply conditional access for external or risky connections.
- Audit your third-party integrations and service accounts.
Security isn’t a one-time setup
Just like with on-premises systems, cloud-based ERPs require ongoing maintenance. Build regular security reviews into your operations:
- Monthly user access reviews.
- Quarterly security audits.
- Annual incident response simulations.
- Regular updates to your business continuity and recovery plans.
To further ensure your security is as effective as it can be, follow industry-expected risk mitigation strategies like the Essential Eight.
Work with your implementation partner
Security doesn’t need to sit solely on your internal IT team’s shoulders. A good Business Central partner should offer:
- Security health checks and configuration reviews.
- Help in implementing new features like Conditional Access or data loss prevention (DLP) policies.
- Guidance on integrating Business Central with broader IT security systems.
At Professional Advantage, we offer our Business Central clients a host of services to ensure their solution consistently performs, including maintaining high levels of security.
Security enables growth
Securing Business Central isn’t about locking down access and slowing business. Done right, security gives your team the freedom to operate confidently, knowing your data and operations are protected.
If you want to know more about enhancing your Business Central security, talk to your Client Management Team or reach out to us.