Security in Business Central

Security is a top priority for Microsoft and Business Central. The product is developed and operated with a security-first approach. Microsoft conducts regular internal penetration testing and runs a public security bounty program to identify and fix vulnerabilities before they can be exploited.

A robust security system is essential for protecting your database and the information it contains. Business Central helps you control unauthorized access and specify what authenticated users can do, such as what data they can read and modify.

Key security capabilities

Business Central provides comprehensive security features organized into five key areas:

Authentication and identity

• Microsoft Entra ID integration for centralized identity management
• Multifactor authentication (MFA) for enhanced sign-in security
• Modern authentication methods support

Access control and permissions

• Granular user permission controls and role-based access control (RBAC)
• Database-level access controls for data operations
• Fine-tuned permissions for specific business scenarios

Data protection

• Enterprise-grade encryption at rest and in transit
• Secure credential management
• Built-in protections for sensitive business data

Network security

• Azure security service tags for IP-based network segmentation and access control
• Enterprise-grade encryption of network traffic

Security operations

• Continuous security monitoring and updates (by Microsoft)
• Regular vulnerability assessments and remediation (by Microsoft)
• Compliance with industry security standards (by Microsoft)
• Audit logging and activity tracking for compliance (by partner/customer/auditor)

Security resources

The following articles provide detailed guidance on implementing and managing security in Business Central:

• Security Guide: How to Secure Business Central
• Application security
• Azure security service tags
• Security tips for business users
• Online security
• On-premises security
• Data security
• Security FAQ