<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Security on Wingate365</title><link>https://blog.wingate365.com/tags/security/</link><description>Recent content in Security on Wingate365</description><generator>Hugo</generator><language>en-gb</language><lastBuildDate>Wed, 18 Feb 2026 19:31:16 +0000</lastBuildDate><atom:link href="https://blog.wingate365.com/tags/security/index.xml" rel="self" type="application/rss+xml"/><item><title>AI context is king - BC MCP for MCS Agents - London D365PPUG - Feb 2026</title><link>https://blog.wingate365.com/2026/02/ai-context-is-king-bc-mcp-for-mcs.html</link><pubDate>Wed, 18 Feb 2026 19:31:00 +0000</pubDate><guid>https://blog.wingate365.com/2026/02/ai-context-is-king-bc-mcp-for-mcs.html</guid><description>&lt;p&gt;&amp;nbsp;&lt;/p&gt;What if your AI tool understood your business data, would you get a better output from it? In short yes - context is king when dealing with AI.&amp;nbsp;&lt;div&gt;&lt;h2 style="text-align: left;"&gt;AI Context is King - D365PPUG London, February 2026&lt;/h2&gt;&lt;div&gt;I had a great evening presenting at D365PPUG London last night - thanks to the organisers for having me, brilliant crowd as always.&lt;/div&gt;&lt;div&gt;&lt;br /&gt;&lt;/div&gt;&lt;div&gt;The session was about Business Central's built-in MCP (Model Context Protocol) server, and why I think it's one of the more exciting developments in the BC ecosystem right now.&lt;/div&gt;&lt;div&gt;&lt;br /&gt;&lt;/div&gt;&lt;div&gt;The core problem: generic AI doesn't know your business. Ask it about your customers, your open orders, your stock levels - it can't help. MCP fixes that. It's the standard that lets AI tools connect to external systems, and Microsoft have built an MCP server directly into Business Central. No custom development, no third-party tooling - it's there today.&lt;/div&gt;&lt;div&gt;&lt;br /&gt;&lt;/div&gt;&lt;div&gt;The demo gods were mostly kind 😅 and the audience questions were fantastic - lots of interest in security, licensing, and whether you can build custom MCP tools (yes, you can - that's a whole other session).&lt;/div&gt;&lt;div&gt;&lt;br /&gt;&lt;/div&gt;&lt;div&gt;Here is a copy of the slides&amp;nbsp;&lt;a href="https://1drv.ms/f/c/73ecbf3d4743e7c6/IgD_yRTTKysiS7Zc_mlRVRhnARr8PkTT77YkMxxcCdboREo?e=Ga2ve1"&gt;shared&lt;/a&gt;.&lt;/div&gt;&lt;/div&gt;</description></item><item><title>Mastering Dynamics 365 BC Security - Admin Center</title><link>https://blog.wingate365.com/2025/02/mastering-dynamics-365-bc-security.html</link><pubDate>Sat, 08 Feb 2025 11:48:00 +0000</pubDate><guid>https://blog.wingate365.com/2025/02/mastering-dynamics-365-bc-security.html</guid><description>&lt;p&gt;&lt;/p&gt;This short video covers two important security settings in the Business Central Admin Center. Learn how to configure these settings to enhance security and protect your system!&lt;p&gt;&lt;/p&gt;&lt;div class="separator" style="clear: both; text-align: center;"&gt;&lt;iframe allowfullscreen="" class="BLOG_video_class" height="266" src="https://www.youtube.com/embed/tVQ9R43r63g" width="320" youtube-src-id="tVQ9R43r63g"&gt;&lt;/iframe&gt;&lt;/div&gt;&lt;p&gt;&lt;/p&gt;
&lt;h3&gt;&lt;strong&gt;Essential Security Settings in the Business Central Admin Center&lt;/strong&gt;&lt;/h3&gt;
&lt;p&gt;Securing a Business Central environment is crucial to protecting company data and ensuring only authorised users have access.&lt;br /&gt;&lt;br /&gt;This guide outlines two key security settings in the Business Central Admin Center that help enhance system security.&lt;/p&gt;</description></item><item><title>Improve your Dynamics 365 Business Central security: Just-in-Time access for partners</title><link>https://blog.wingate365.com/2024/11/improve-your-dynamics-365-business.html</link><pubDate>Tue, 19 Nov 2024 19:33:00 +0000</pubDate><guid>https://blog.wingate365.com/2024/11/improve-your-dynamics-365-business.html</guid><description>&lt;div style="text-align: center;"&gt;&lt;/div&gt;&lt;p&gt;Microsoft have an ongoing mission around security, check out the&amp;nbsp;&lt;a href="https://www.microsoft.com/en-us/trust-center/security/secure-future-initiative"&gt;Secure Future Initiative | Microsoft&lt;/a&gt;&amp;nbsp;&amp;amp; the recent newsletter&amp;nbsp;&lt;a href="https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/SFI_November_2024_update.pdf"&gt;SFI_November_2024_update.pdf&lt;/a&gt;&lt;/p&gt;&lt;p&gt;But here I wanted to share a very simple tip around an effective &lt;b&gt;just-in-time&lt;/b&gt; access control for clients to allow / prevent partners from accessing their BC environments.&lt;/p&gt;&lt;p&gt;I see this coming into play post go-live. Better to leave the door locked and provide access only when required, so long as you (the client organisation) have suitable coverage with you internal IT resource/team to let the partners in when necessary.&amp;nbsp;&lt;/p&gt;</description></item><item><title>Connect to Windows 2016 HyperV Core with delegated credentials / CredSSP</title><link>https://blog.wingate365.com/2018/02/connect-to-windows-2016-hyperv-core.html</link><pubDate>Sun, 18 Feb 2018 12:24:00 +0000</pubDate><guid>https://blog.wingate365.com/2018/02/connect-to-windows-2016-hyperv-core.html</guid><description>&lt;p&gt;CredSSP authentication is currently disabled on the local client. You must be running with administrator privileges in order to enable CredSSP&lt;br /&gt;
&lt;br /&gt;&lt;/p&gt;
&lt;h3&gt;
On Win2016 desktop CLIENT&lt;/h3&gt;
&lt;br /&gt;
&lt;li&gt;Powershell:&lt;/li&gt;
&lt;pre&gt;PS C:\Users\Administrator&amp;gt;start-service winrm
PS C:\Users\Administrator&amp;gt;Enable-WSManCredSSP -Role client -DelegateComputer *
PS C:\Users\Administrator&amp;gt;stop-service winrm&lt;/pre&gt;
&lt;br /&gt;
&lt;li&gt;GPEDIT (as administrator)&lt;/li&gt;
Local Computer Policy &amp;gt; Computer Configuration &amp;gt; Administrative Templates &amp;gt; System &amp;gt; Credentials Delegation: 
&lt;pre&gt;Allow delegating fresh credentials with NTLM-only server authentication&lt;/pre&gt;
&lt;li&gt; Set: "Enabled" and "Add servers to the list" 
&lt;li&gt; Show: enter "WSMAN/*" as Value&lt;/li&gt;
&lt;li&gt;Fire up Hyper-V Manager and connect to server only with IP-address and enter as user "[IP Address]\[username]” and set the password.&lt;/li&gt;
&lt;/br&gt;
&lt;a href="https://social.technet.microsoft.com/Forums/en-US/8884b81e-0576-4764-a29d-ce7bec5c9ee9/hyperv-server-2016-tp4-howto-manage-hyperv-with-desktopos-hyperv-manager-and-bug?forum=WinServerPreview"&gt;Source&lt;/a&gt;</description></item><item><title>TLS/SSL for Web Services</title><link>https://blog.wingate365.com/2015/04/ssl-for-web-services.html</link><pubDate>Sun, 19 Apr 2015 21:40:00 +0000</pubDate><guid>https://blog.wingate365.com/2015/04/ssl-for-web-services.html</guid><description>&lt;p&gt;TLS protection should be a standard security policy these days. It&amp;rsquo;s common place for servers hosting web pages and web services.&lt;br /&gt;
&lt;br /&gt;
Certificates are inexpensive and relatively simple to setup and use. The basic outline is that you generate a private key on your server, pass this to the CA. They will use this to generate the Certificate and public key. They send you back the certificate and publish the public key on their servers. The certificate, private key and the CA&amp;rsquo;s authority chain certificates are installed on your server and bound/configures to be utilised within the the webservice in question.&lt;br /&gt;
&lt;br /&gt;
A 3rd party browser pointed to your https URL will request the certificate, which it uses to lookup the host servers details with the CA and obtain the public key. The public key is then used by the browser to lock the session key that it generates. Only the specific private key can unlock and obtain the session key that was locked by the related public key. Which is what the host server does and then both machines have identical keys to use for all further communication in that session.&lt;br /&gt;
&lt;br /&gt;
Here are the main elements and terms you may come across when setting up SSL protection using a Certificate Authority (CA)&lt;br /&gt;
&lt;br /&gt;
Machines:&lt;br /&gt;
&lt;br /&gt;&lt;/p&gt;</description></item><item><title>IP PBX / 3CX / VoIP Phone System</title><link>https://blog.wingate365.com/2013/10/ip-pbx-3cx-voip-phone-system.html</link><pubDate>Thu, 31 Oct 2013 08:34:00 +0000</pubDate><guid>https://blog.wingate365.com/2013/10/ip-pbx-3cx-voip-phone-system.html</guid><description>&lt;p&gt;Just finished a few days training on &lt;a href="http://www.3cx.com/" target="_blank"&gt;3CX &lt;/a&gt;systems, and a very interesting two days it was. The trainer William has a distinctive style and great dry sense of humour that kept everyone engaged.&lt;br /&gt;
&lt;br /&gt;
3CX is a windows base IP phone system. In the simplest terms for a small office you install 3CX on a desktop PC, sign up to a VoIP provider (e.g. &lt;a href="http://www.voip-unlimited.net/" target="_blank"&gt;VoIP Unlimited&lt;/a&gt; or &lt;a href="http://www.spitfire.co.uk/VoIP.shtml" target="_blank"&gt;Spitfire&lt;/a&gt;) plug in a few IP phones to your Ethernet, configure, provision and away you go. As it&amp;rsquo;s all IP based you can get a phone number in any region of the UK or any country for that matter. So office based in Scotland, but clients all in London, or France - get a local number to your clients and you are only paying for &amp;rsquo;local&amp;rsquo; calls. 3CX can go all the way up to a multi-location offices / call centres with thousand of agents. If you want to get fancy there are APIs and custom programmable elements to build your own digital receptionist, the kind that ask for your account numbers, report information from your account after you authenticate etc etc.&lt;br /&gt;
&lt;br /&gt;
You can also get an app on your iPhone/Android to be able to make calls over 3G data or wifi via your 3CX PBX. Although if you want total flexibility on remote mobile access you do face the difficult decision on how to deal with security threat of opening a port for SIP traffic on your firewall to the public internet which is not a great idea.&lt;/p&gt;</description></item></channel></rss>