Entitlement Manager for Dynamics 365

NextLabs Entitlement Management for Microsoft Dynamics 365 (EM for Dynamics) provides an advanced security capability – granular access control and data governance – to create a robust and consistent mechanism to safeguard your data in Microsoft Dynamics 365. Using its patented dynamic authorization engine and policy management platform, EM for Dynamics provides an additional layer of protection with dynamic policy and Attribute-Based Access Control (ABAC) to protect critical data in Dynamics 365 seamlessly while providing a central audit and reporting capability.

EM for Dynamics extends standard Dynamics 365 security model to provide a policy-driven, fine-grain control to safeguard data and business functions – such as transactions and batch processes. Unlike custom authorization logic which must be implemented and maintained by the customer, EM for Dynamics works natively with Dynamics 365 applications and externalizes authorization logic to a powerful policy management system, based on the eXtensible Access Control Markup Language (XACML) standard from OASIS.

DATASHEET
FEATURES
Attribute-Based Access Control (ABAC) EM for Dynamics takes into account any changes in the attributes of the data or the user and dynamically applies the relevant policies to enforce access to data and business transactions that the user can execute.
Control Center Policy Server Platform EM for Dynamics runs on the NextLabs Control Center, a XACML-based policy server platform that provides central management of policies and procedures. The Control Center provides Policy Server, Policy Studio, Enrollment Manager, and Report Server.
Dynamic Runtime Policy Enforcement The Policy Engine of EM for Dynamics performs policy evaluation dynamically using the real-time value of the attributes specified in the policies to determine if the user is authorized to perform the business transaction or has access to the data at runtime. Attributes can be dynamically retrieved at runtime from a variety of sources, including but not limited to Dynamics 365, HR and Identity Management systems, Azure AD, LDAP servers, from APIs and web services, or any other system of record.
Field Level Data Redaction & Masking Authorization Policies can be defined to redact and mask sensitive fields on a row by row basis. For example, an account executive can only see the social security number and date of birth for contacts that they created.
Centralized Audit & Monitoring Policy compliance and end user activity are collected in a central audit server for reporting by the Reporter application – a graphical analysis, charting, and reporting application. EM for Dynamics tracks and stores user activity and data access across Dynamics 365 and other applications and services in a central audit server.
Flexible Deployment Options EM for Dynamics is available for SaaS, Private Cloud and on premise deployments of Dynamics 365.
BENEFITS
Unify Access Control Centralize access control across all geographies accessing Dynamics 365. No need to maintain multiple sets of cumbersome, container based controls. Use one data lake.
Enhanced Data Protection Fine grained access control to file servers based on user, data and environmental attributes, including connection, requesting host, and data classification, provides better control over your data.
Reduction of IT Security Headaches Simplification of roles and security profile management brought on by “role explosion” in large, changing and distributed Enterprises.
Integration with Existing Access Infrastructure EM for Dynamics can be part of your overall entitlement management solution that covers file servers, Microsoft SharePoint, Skype for Business and other enterprise applications.
Simplified Role Management with ABAC Enforces compliance policies consistently and reduces compliance costs by centralizing access control administration and audit.