When establishing security roles in Microsoft D365, it is important to institute a robust security design with minimal security risks resulting from Segregation of Duties (SoD) conflicts and excessive sensitive access. Failure to reduce SoD conflicts and needless SA will result in unexpected risks and audit findings due to a lack of checks and balances in place. The out-of-box security roles inherently contain security risks that when assigned to users, foster a risky environment. In this session, we will discuss security risks, security design, and how to implement the security roles in D365.

The content of this session is geared toward an audience with beginner to intermediate-level knowledge of the subject area.

This session will be available for CPE credits pending completion of session survey post event.

This session is a case study for designing and building an application security framework that supports the needs of a large manufacturing company, and also drives least-privilege access and business ownership of security roles and risks during a D365FO implementation. We will start with an overview of how U.S. Venture, Inc., designed its security roles by building a segregation of duties rule set, and creating compliant task-based roles as the foundation for ensuring appropriate access and proper control throughout the D365 environment. This presentation does not require detailed knowledge of D365 security.The content of this session is geared toward an audience with beginner-level knowledge of the subject area.