Business Central (On-Premises) Security
This section helps you understand and improve the security of Business Central hosted on-premises. In the links below you find information, hardening guidance, and recommended best practices that address client, database, server, and network security.
Authentication
Before users can sign in to the Business Central application, they must be authenticated as a valid user in the system. Business Central supports several authentication methods. You configure the authentication method on the server tiers of Business Central.
Learn more in Authentication and Credential Types.
Caution
Microsoft recommends that you don’t use NavUserPassword authentication. Microsoft Entra ID and Windows authentication are more secure alternatives. You should only use NavUserPassword authentication when Microsoft Entra ID and Windows authentication aren't viable.
Server security
Business Central Server handles communication between clients and databases, controlling authentication, event logging, scheduled tasks, reporting, and more. The following articles explain how to improve the security of Business Central Server instances.
Hardening Business Central Server Security
Locking Down Server Communication settings
Client security
The following articles explain how to improve the security of connections from the clients to Business Central Server.
Configuring SSL to secure the client connections
Using security certificates with Business Central on-premises
Database security
The articles in this section explain how to improve database security in Business Central.
The following articles discuss configurations that you can perform on the Business Central server instance:
The following are general articles about SQL Server security that can also help secure the database:
Important
Starting March, 2020, with 2019 release wave 2, Business Central only supports Transport Layer Security (TLS) version 1.2 or later. Upgrade to one of the latest supported Business Central release waves to remove support for earlier versions of TLS. If your solution or an add-on uses TLS 1.0 or 1.1, you must update that configuration or add-on to TLS 1.2 or later as soon as possible. For more information, see Blog post: Update to TLS 1.2 or later in Dynamics 365 Business Central in 2019 release wave 2.
Azure Database Security Best Practices
Network security
The following articles explain how to secure client, web service, and Power BI connections over a wide area network by using HTTPS and security certificates.
Configuring SSL to Secure the Client Connections
Using Security Certificates with Business Central On-Premises
Connect to Business Central with Power BI
Related information
Security and Protection
Data Security
Security Tips for Business Users