As Microsoft partners, we frequently face challenges due to limited or fragmented documentation on D365 FO’s architectural, security, and identity requirements—especially when working with regulated industries such as banking, where IT restrictions are stricter than standard enterprise environments.
We propose that Microsoft provide a comprehensive, centralized set of public documents or structured technical articles covering all core aspects of D365 FO implementations. This would empower partners to design compliant, secure, and efficient environments—whether cloud-hosted or on-premises.
Key Areas to Cover:
- Security and Compliance Standards
  - Encryption at rest and in transit
  - Data residency, backup, and retention policies
  - Compliance with GDPR, ISO, SOC, and regional regulations
  - Role-based access control (RBAC) and administrative segregation
- Identity and Authentication
  - ADFS configuration for on-premises and hybrid environments
  - Azure AD authentication setup with support for MFA and conditional access
  - Federation and multi-tenant identity handling
- Lifecycle Services (LCS) and Azure Integration
  - LCS access and port requirements
  - Integration with Azure Key Vault, Blob Storage, and App Services
  - Certificate management and trusted connection principles
- Development Environments (OneBox)
  - Clear documentation on OneBox limitations and secure dev practices
  - Proper configuration of admin rights, SQL access, and debugging tools
  - Guidelines for using sanitized data in test/dev environments
- On-Premises Deployment
  - Detailed walkthroughs of D365 FO on-premises installation, including:
    - AD domain requirements
    - SQL, AOS, Service Fabric, and file share configuration
    - Required firewall ports, certificates, and server roles
  - Infrastructure planning (sizing, storage, high availability)
  - Secure network design with hybrid identity and LCS integration
- Infrastructure & Operational Requirements
  - Antivirus exclusion lists and port matrix per node type
  - Reference architectures for both cloud-hosted and on-prem scenarios
  - Group Policy and security baseline considerations
- Admin Share (e.g., C$) Access
  - Explicit documentation that access to admin shares (e.g., C$) is required for Service Fabric and setup operations
  - Clarification that, while this is a standard Windows administrative mechanism, many banks and high-security clients block it by default
  - Microsoft's justification and secure implementation guidance to help partners and IT teams obtain the necessary internal approvals
- Partner Enablement & Implementation Support
  - Security Q&A templates and implementation checklists
  - Common customer restrictions and Microsoft-approved mitigations
  - Certified third-party solutions and secure integration approaches
Benefits:
- Helps partners proactively address common security blockers (e.g., admin shares, ADFS, port access)
- Reduces friction with regulated clients by having Microsoft-backed justifications
- Accelerates deployments and reduces escalations by enabling early alignment
- Equips partners to better market and deliver compliant, secure solutions in highly sensitive environments
We suggest Microsoft host this documentation on Microsoft Learn, Partner Center, or a dedicated D365 FO Deployment & Security Hub to ensure easy access and continuous updates for partners and clients alike.