<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Compliance on Wingate365</title><link>https://blog.wingate365.com/tags/compliance/</link><description>Recent content in Compliance on Wingate365</description><generator>Hugo</generator><language>en-gb</language><lastBuildDate>Thu, 29 Aug 2024 13:10:33 +0000</lastBuildDate><atom:link href="https://blog.wingate365.com/tags/compliance/index.xml" rel="self" type="application/rss+xml"/><item><title>Dynamics 365 BC - Architecture and Compliance</title><link>https://blog.wingate365.com/2023/12/dynamics-365-bc-architecture-and.html</link><pubDate>Sat, 09 Dec 2023 12:40:00 +0000</pubDate><guid>https://blog.wingate365.com/2023/12/dynamics-365-bc-architecture-and.html</guid><description>&lt;p&gt;I am often asked to about the architecture and compliance for Business Central SaaS. There is a huge amount of info to be found on this topic across multiple Microsoft docs pages.&lt;/p&gt;&lt;p&gt;Below I have collected together a few handy links and images from these pages.&lt;/p&gt;&lt;h2 style="text-align: left;"&gt;Architecture&amp;nbsp;&lt;/h2&gt;&lt;div&gt;&lt;div&gt;Here is a simple diagram of the Business Central Architecture&amp;nbsp;&lt;a href="https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/deployment/product-and-architecture-overview"&gt;Component and System Topology - Business Central | Microsoft Learn&lt;/a&gt;&amp;nbsp;&lt;/div&gt;&lt;div&gt;&lt;br /&gt;&lt;/div&gt;&lt;table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"&gt;&lt;tbody&gt;&lt;tr&gt;&lt;td style="text-align: center;"&gt;&lt;a href="https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/media/architecture-overview.png" style="margin-left: auto; margin-right: auto;"&gt;&lt;img border="0" data-original-height="482" data-original-width="653" height="482" src="https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/media/architecture-overview.png" width="653" /&gt;&lt;/a&gt;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td class="tr-caption" style="text-align: center;"&gt;Figure 1 - BC system architecture simplified overview&lt;br /&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;&lt;div&gt;&lt;br /&gt;&lt;/div&gt;&lt;div&gt;&lt;div&gt;With BC SaaS direct access is not possible to any of the elements shown in the grey box as these are all managed by, and are the responsibility of, Microsoft.&lt;/div&gt;&lt;div&gt;&lt;ul style="text-align: left;"&gt;&lt;li&gt;Web Servers&lt;/li&gt;&lt;li&gt;Application Servers&amp;nbsp;&lt;/li&gt;&lt;li&gt;SQL Databases&lt;/li&gt;&lt;/ul&gt;&lt;h2 style="text-align: left;"&gt;Data Protection&lt;/h2&gt;&lt;div&gt;On the SaaS platform your data is treated in the following manner&amp;nbsp;&lt;a href="https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/security/security-online"&gt;Security in Business Central - Business Central | Microsoft Learn&lt;/a&gt;&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;br /&gt;&lt;/div&gt;&lt;div&gt;Here is a simplified view of the authentication layers to access the application&amp;nbsp;&lt;a href="https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/security/security-application"&gt;Layered security model in Business Central - Business Central | Microsoft Learn&lt;/a&gt;&lt;/div&gt;&lt;div&gt;&lt;br /&gt;&lt;/div&gt;&lt;table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"&gt;&lt;tbody&gt;&lt;tr&gt;&lt;td style="text-align: center;"&gt;&lt;a href="https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/media/security-overview.png" style="margin-left: auto; margin-right: auto;"&gt;&lt;img border="0" data-original-height="480" data-original-width="646" height="480" src="https://learn.microsoft.com/en-us/dynamics365/business-central/dev-itpro/developer/media/security-overview.png" width="646" /&gt;&lt;/a&gt;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td class="tr-caption" style="text-align: center;"&gt;Figure 2 - BC uses a layered approach to application security&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;&lt;div&gt;&lt;br /&gt;&lt;/div&gt;&lt;div&gt;&lt;h3 style="text-align: left;"&gt;Authentication&lt;/h3&gt;&lt;div&gt;Business Central uses Microsoft Entra ID (previously known as Azure Active Directory) as the authentication method, which is automatically set up and managed for you. You can apply further layers of control with Azure Conditional Access policies.&amp;nbsp;&lt;a href="https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview"&gt;What is Conditional Access in Microsoft Entra ID? - Microsoft Entra ID | Microsoft Learn&lt;/a&gt;&lt;/div&gt;&lt;/div&gt;&lt;div&gt;&lt;h3 style="text-align: left;"&gt;Data isolation and encryption&lt;/h3&gt;&lt;div&gt;Data belonging to a single tenant is stored in an isolated database and is never mixed with data from other tenants. This ensures complete isolation of data in day-to-day use and in backup/restore scenarios. Furthermore, Business Central uses encryption to help protect tenant data in the following ways:&lt;/div&gt;&lt;div&gt;&lt;ul style="text-align: left;"&gt;&lt;li&gt;Data at rest is encrypted by using Transparent Data Encryption (TDE) and backup encryption.&lt;/li&gt;&lt;li&gt;Data backups are always encrypted.&lt;/li&gt;&lt;li&gt;All network traffic inside the service is encrypted by using industry-standard encryption protocols.&lt;/li&gt;&lt;/ul&gt;&lt;h3 style="text-align: left;"&gt;Software as a Service - Shared Responsibility Model&lt;/h3&gt;&lt;/div&gt;&lt;/div&gt;&lt;div&gt;Using business central as a Software as a Service (SaaS), brings the following changes to the responsibilities for these elements shown in Figure 1 vs a traditional on-prem deployment&amp;nbsp;&lt;a href="https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility"&gt;Shared responsibility in the cloud - Microsoft Azure | Microsoft Learn&lt;/a&gt;&lt;/div&gt;&lt;div&gt;&lt;br /&gt;&lt;/div&gt;&lt;table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"&gt;&lt;tbody&gt;&lt;tr&gt;&lt;td style="text-align: center;"&gt;&lt;a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkt1uRYHE53YaWTrjH2wYvfNn8TF226iQlWeMSmG9169KkgwHoLeHk3NoCaYsAA8rRg6-oR3qIVsRVIBDZANCoD4jGV6vuIk9d2JnPKdfzBljGdgaSRA9ib7RzbpCLPUGuimmiluMCxKyAEBb1CpCZ9FOLM4jjBiy9GVdf_X15Ds17vZCZxaBf/s666/shared-responsibility.png" style="margin-left: auto; margin-right: auto;"&gt;&lt;img border="0" data-original-height="393" data-original-width="666" height="378" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkt1uRYHE53YaWTrjH2wYvfNn8TF226iQlWeMSmG9169KkgwHoLeHk3NoCaYsAA8rRg6-oR3qIVsRVIBDZANCoD4jGV6vuIk9d2JnPKdfzBljGdgaSRA9ib7RzbpCLPUGuimmiluMCxKyAEBb1CpCZ9FOLM4jjBiy9GVdf_X15Ds17vZCZxaBf/w640-h378/shared-responsibility.png" width="640" /&gt;&lt;/a&gt;&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td class="tr-caption" style="text-align: center;"&gt;Figure 3 - The SaaS shared responsibility model&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;&lt;div&gt;&lt;br /&gt;&lt;/div&gt;&lt;h2 style="text-align: left;"&gt;Compliance and Regulatory&amp;nbsp;&lt;/h2&gt;&lt;div&gt;&lt;div&gt;Here is a link to some other relevant information regarding the BC SaaS application &amp;amp; service compliance :&lt;/div&gt;&lt;div&gt;&lt;ul style="text-align: left;"&gt;&lt;li&gt;Security in Business Central &lt;a href="https://aka.ms/BCSecurity"&gt;https://aka.ms/BCSecurity&lt;/a&gt;&lt;/li&gt;&lt;li&gt;Business Central - Application Compliance &lt;a href="https://aka.ms/BCAppCompliance"&gt;https://aka.ms/BCAppCompliance&lt;/a&gt;&lt;/li&gt;&lt;li&gt;&lt;a href="https://learn.microsoft.com/en-us/dynamics365/business-central/compliance/compliance-service-compliance"&gt;Service Compliance and SLA - Business Central | Microsoft Learn&lt;/a&gt;&lt;/li&gt;&lt;li&gt;External Compliance Listing, refer to Dynamics 365 Business Central column &lt;a href="https://aka.ms/d365-compliance-list"&gt;https://aka.ms/d365-compliance-list&lt;/a&gt;&lt;/li&gt;&lt;li&gt;&lt;a href="https://learn.microsoft.com/en-us/compliance/assurance/assurance-vulnerability-management"&gt;Threat and vulnerability management - Microsoft Service Assurance | Microsoft Learn&lt;/a&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/div&gt;&lt;/div&gt;</description></item></channel></rss>