Redigera

Dela via


Success by design security checklist for key activities in application security

Privacy and compliance

Done? Task
Understand the responsibilities of the service provider as a data processor and the customer responsibilities as the owner and data controller. Make sure both sides comply with the relevant laws and regulations.
Review the Dynamics 365 cloud service agreements and compliance documentation. Learn about the policies and procedures for handling data, disaster recovery, data residency, and encryption.

Identity and access

Done? Task
Create an identity management strategy that covers user access, service accounts, application users, federation requirements for single sign-on, and conditional access policies.
Create administrative access policies for different admin roles on the platform, such as service admin and Microsoft 365 admin.
Apply and follow the relevant data loss prevention policies and procedures to make changes or request exceptions.
Have the necessary controls to manage access to specific environments.

Application security

Done? Task
Understand the app-specific security features and use the native access control mechanisms instead of customizing the build.
Understand that hiding information from the view doesn't remove access. There are other ways to access and extract information.
Understand the impact of losing the security context when you export the data.
Optimize the security model for performance and scalability by following the security model best practices.
Have a process to map changes in the organization structure to the security model in Dynamics 365. Do it carefully and sequentially to avoid unwanted cascading effects.

Next steps