Business Central (On-Premises) Security

This section helps you understand and improve the security of Business Central hosted on-premises. In the links below you find information, hardening guidance, and recommended best practices that address client, database, server, and network security.

Authentication

Before users can sign in to the Business Central application, they must be authenticated as a valid user in the system. Business Central supports several authentication methods. You configure the authentication method on the server tiers of Business Central.

Learn more in Authentication and Credential Types.

Caution

Microsoft recommends that you don’t use NavUserPassword authentication. Microsoft Entra ID and Windows authentication are more secure alternatives. You should only use NavUserPassword authentication when Microsoft Entra ID and Windows authentication aren't viable.

Server security

Business Central Server handles communication between clients and databases, controlling authentication, event logging, scheduled tasks, reporting, and more. The following articles explain how to improve the security of Business Central Server instances.

Hardening Business Central Server Security

Locking Down Server Communication settings

Client security

The following articles explain how to improve the security of connections from the clients to Business Central Server.

Configuring SSL to secure the client connections

Using security certificates with Business Central on-premises

Database security

The articles in this section explain how to improve database security in Business Central.

The following articles discuss configurations that you can perform on the Business Central server instance:

Configuring the Database

Encrypt Traffic

The following are general articles about SQL Server security that can also help secure the database:

Upgrade to TLS 1.2

Important

Starting March, 2020, with 2019 release wave 2, Business Central only supports Transport Layer Security (TLS) version 1.2 or later. Upgrade to one of the latest supported Business Central release waves to remove support for earlier versions of TLS. If your solution or an add-on uses TLS 1.0 or 1.1, you must update that configuration or add-on to TLS 1.2 or later as soon as possible. For more information, see Blog post: Update to TLS 1.2 or later in Dynamics 365 Business Central in 2019 release wave 2.

Data Encryption at Rest

SQL Server Hardening

SQL Server Auditing

Backup Encryption

Azure Database Security Best Practices

Network security

The following articles explain how to secure client, web service, and Power BI connections over a wide area network by using HTTPS and security certificates.

Configuring SSL to Secure the Client Connections

Using Security Certificates with Business Central On-Premises

Connect to Business Central with Power BI

Security and Protection
Data Security
Security Tips for Business Users