NextLabs Entitlement Management for Microsoft Dynamics 365 (EM365) provides an advanced security capability – granular access control and data governance – to create a robust and consistent mechanism to safeguard your data in Microsoft Dynamics 365. Using its patented dynamic authorization engine and policy management platform, EM365 provides an additional layer of protection with dynamic policy and Attribute-Based Access Control (ABAC) to protect critical data in Dynamics 365 seamlessly while providing a central audit and reporting capability.
EM365 extends standard Dynamics 365 security model to provide a policy-driven, fine-grain control to safeguard data and business functions – such as transactions and batch processes. Unlike custom authorization logic which must be implemented and maintained by the customer, EM365 works natively with Dynamics 365 applications and externalizes authorization logic to a powerful policy management system, based on the eXtensible Access Control Markup Language (XACML) standard from OASIS.
|Attribute-Based Access Control (ABAC)||EM365 takes into account any changes in the attributes of the data or the user and dynamically applies the relevant policies to enforce access to data and business transactions that the user can execute.|
|Control Center Policy Server Platform||EM365 runs on the NextLabs Control Center, a XACML-based policy server platform that provides central management of policies and procedures. The Control Center provides Policy Server, Policy Studio, Enrollment Manager, and Report Server.|
|Dynamic Runtime Policy Enforcement||EM365’s Policy Engine performs policy evaluation dynamically using the real-time value of the attributes specified in the policies to determine if the user is authorized to perform the business transaction or has access to the data at runtime. Attributes can be dynamically retrieved at runtime from a variety of sources, including but not limited to Dynamics 365, HR and Identity Management systems, Azure AD, LDAP servers, from APIs and web services, or any other system of record.|
|Field Level Data Redaction & Masking||Authorization Policies can be defined to redact and mask sensitive fields on a row by row basis. For example, an account executive can only see the social security number and date of birth for contacts that they created.|
|Centralized Audit & Monitoring||Policy compliance and end user activity are collected in a central audit server for reporting by the Reporter application – a graphical analysis, charting, and reporting application. EM365 tracks and stores user activity and data access across Dynamics 365 and other applications and services in a central audit server.|
|Flexible Deployment Options||EM365 is available for SaaS, Private Cloud and on premise deployments of Dynamics 365.|
|Unify Access Control||Centralize access control across all geographies accessing Dynamics 365. No need to maintain multiple sets of cumbersome, container based controls. Use one data lake.|
|Enhanced Data Protection||Fine grained access control to file servers based on user, data and environmental attributes, including connection, requesting host, and data classification, provides better control over your data.|
|Reduction of IT Security Headaches||Simplification of roles and security profile management brought on by “role explosion” in large, changing and distributed Enterprises.|
|Integration with Existing Access Infrastructure||EM365 can be part of your overall entitlement management solution that covers file servers, Microsoft SharePoint, Skype for Business and other enterprise applications.|
|Simplified Role Management with ABAC||Enforces compliance policies consistently and reduces compliance costs by centralizing access control administration and audit.|