Currently customers can choose between 2 options: Microsoft Managed Keys and Customer Managed Keys (BYOK or PFX). All fine, but some customers would rather use their Azure Key Vault (already set up and running for Data Export Service) so they can manage this new key from the same vault towards the Dynamics data. So would it be possible to integrate the customer's Azure Key Vault in the Admin portal so a key can be used from the customer's Key Vault directly? This enables secret and key management from 1 central location for them. Easier to set up, monitor and maintain (e.g. key rotation).
Protect and Govern your data using the Data driven policy-based experience across your business apps
Businesses cite “Control”, “Transparency” and “Security” as the biggest reasons preventing them from participating in this digital transformation. However, efficiencies and cost savings are too great to ignore the benefits of the cloud. This lack of control is viewed by many businesses as a risk. The Data Governance framework is designed to solve this problem. Regulations and company policies must be enforceable and this applies to a variety of scenarios. A few of them are listed below from our current outreach with customers:
- Financial institutions want to protect sensitive information, and are required to track if sensitive customer information is being exported.
- Healthcare companies want to prevent any HIPAA data deletions, as they are required by law to retain the data for at least 7 years.
- Organizations working on highly confidential deals are contractually obligated to ensure the clients' data privacy. Failure to do so has financial implications.
- Financial institutions running their business on cloud require advanced protection on data types like PCI (Credit Cards).
- Enterprise organizations have multiple services that share data; admins from these organizations want to know what data is flowing across these services to ensure the compliance of every system.
- New regulations like GDPR require organizations to be ready to execute requests from their customers like Forget Me. The new idea of Data Governance helps the companies feel in control over their data.
This simple policy-based framework to enforce policies and protect any Data Loss will be powered by Common Data Model (CDM) and Services (CDS). Tags: GDPR, PCI, HIPAA, DLP
Dynamics 365 CE Online 8.2 currently supports BYOK scenarios while using an Azure Key Vault in the back (operated by Microsoft). Possibilities to bring your own key here are limited to creating a software key offline (PFX) or a hardware generated key (BYOK) via HSM.
Enterprise Customers expect more management and automation capabilities to manage the encryption key from their proper AKV (Azure Key Vault), this to enable further monitoring and logging where needed: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-secure-your-key-vault.
Also, this will facilitate automation of key management operations like rotating the keys when needed.
Commit to the Email Token or abandon it.
If you commit to the Email Token in the Subject line then any email without a token does not get tracked into CRM, without exception for any reason. Any email with a token in the Subject line gets tracked into CRM when received, without exception for any reason.
The situation is that emails are being tracked into CRM because at one point in time they were a tracked email and their 'Conversation Index' is hidden in CRM somewhere. When Server Side Synchronization detects a matching Conversation Index it puts the email into CRM, regardless of any other email synchronization setting. If I set token matching in Server Side Synchronization that is the only matching it should use, period.
The real problem is that there is no visual indicator to a User that the email they have been sent is being tracked in CRM, therefore they do not know their response is going to be tracked. If any sender at any point removes the token the email should no longer be tracked. If someone pastes a token in the Subject line the send of that email and all subsequent send/receives should be tracked so long as the token is present.
All emails without tokens should qualify for Email to Case processing and only be disqualified by the filters set in the process by the Administrator.
Not having a visual indicator in a message that it is being systematically tracked raises security and privacy issues, especially with our EMEA Users. There is an expectation of privacy between the sender and the people addressed in the message. The recipient may choose to share the message with whomever they wish, but that is at their discretion. With CRM a message can be attached to records that are accessible by many levels of User regardless of who the message was addressed to, and with conversation index matching the email goes into CRM without the knowledge of the sender.