I have numerous times got the requirement of having Dynamics 365 users not be able to print, export data to excel, limit copy/paste action, etc. all in the name of trying to safeguard data theft from Malicious employees or employees’ compromised devices. The reasons for such requests are usually to try to “minimize the risk of data leaving the company.”. Have you ever been afraid of employees taking company information, then read on to get going answering the question:
- How to prevent data loss in cloud computing?
- How to prevent data loss in a company?
- How do I protect corporate data when an employee leaves?
Let's explore
The most common cause of data loss in Dynamics 365
Dealing with the risk of malicious employees, fx. salesperson stealing CRM data have historically been done by removing the excel download buttons from Dynamics. In reality this might have hidden the risk rather than fixing it. there have always been loopholes for malicious employees to exploit data extraction. (multiple similar solutions throughout the years have been suggested, but none of them are good enough if you ask me).
In a try to keep data within company boundaries legacy IT infrastructure admins usually try to just hide it all behind a firewall but that is no longer enough in our modern internet-connected world and especially not helpful if using any Cloud technology! compromised devices, stolen usernames, and passwords are on the rise and too cheap to procure for malicious people and organizations. For such attacks, no firewall is enough as the attack is coming from within.
Is data loss a real risk? you might ask yourself. With a quick glimpse at Microsoft Digital Defense Report (MDDR) – current analysis of threat landscape – https://aka.ms/MDDR I am sure you find that is very REAL!
For a long time, you have not needed to be a hacker yourself, it is a paid “service” in the dark corners of the internet, and drives up the number of attacks significantly.
As a side note missing automation on assigning security roles in Dynamics 365 can also be a security risk, see here how to set it up in less than 10 minutes: How to Automate Security Role Assignment With Microsoft Teams
How to prevent Dynamics 365 data from leaving your company
Questions needing an answer in your company:
- How is the risk of data loss minimized or eliminated?
- What are steps that an organization should take to mitigate the risk of data loss?
- How can you prevent data loss?
If you use Dynamics 365 in the cloud above questions are answered by the a bundle of tools within the Microsoft365 platform that can help you secure your data. Data Security-Enhanced Dynamics 365 is just a few clicks away in tool such as
AADP = Azure Active Directory Premium
MCAS = Microsoft Cloud App Security (soon to be know as
MAM = Microsoft Mobile Device Management
etc.
The beauty of using these tool is that they can be restricted to only personal or unsecured devices but be enabled for more secure devices. Excel download can even be permitted, but excel can be limited in print, send copy and paste so users do not lose the excel data analytics capability that most love.
Block Excel download
Block Print
Block Copy and paste
How to demo and guide: minimize the risk of data leaving
The brilliant Matt Soseman takes you through a deep demo on what can be protected and where to click to get protection.
Gain more knowledge.
If you want more than 36 minutes of YouTube tutorial, here you have a curated list of reading materials on each important security tool in Microsoft
Microsoft 365 Defender > http://aka.ms/m365dninja
Microsoft Defender for Office 365 > https://aka.ms/mdoninja
Microsoft Defender for Endpoint > http://aka.ms/mdeninja
Microsoft Cloud App Security > http://aka.ms/mcasninja
Microsoft Defender for Identity > http://aka.ms/mdininja
Sentinel – Become an Azure Sentinel Ninja: The complete level 400 training – Microsoft Tech Community
Azure Security Center – Become an Azure Security Center Ninja (microsoft.com)
Stay up to date
on Cybersecurity risk framework for your Microsoft estate by following @MarkSimos and looking at his always relevant https://aka.ms/markslist which is updated frequently with the latest and greatest information that he sent to customers and his colleagues.
