Classifying Data in Dynamics NAV

Dynamics NAV includes development features for tagging business data with specific classifications. Specifically, this includes data that is stored in table fields of the database and telemetry data that is emitted from the application.

About Data Classification

Classifying data serves different purposes. It can make data easier and more efficient to locate and retrieve, and also help to add another layer of protection and security for handling private and sensitive data. It can supplement your process for making the application compliant with legislative and regulatory requirements for collecting, storing, and using personal information.


You should consider the data classification features offered in Dynamics NAV as the first layer of classification - done by developers (Dynamics NAV and partners) on customizations, add-ons, and extensions. The second layer is the users and how they handle data they provide and that is made available to them.

What are the different data classifications?

The following table describes the different classifications that you can apply to data:

Data classification Description Example
CustomerContent Content directly provided/created by admins and users.
  • Customer generated BLOB or structured storage data
  • Customer-owned/provided secrets (passwords, certificates, encryption keys, storage keys)
EndUserIdentifiableInformation (EUII) Data that identifies or could be used to identify the user of a Microsoft service. EUII does not contain Customer content.
  • User name or display name (DOMAIN\UserName)
  • User principle name (
  • User-specific IP address
AccountData Customer billing information and payment instrument information, including administrator contact information, such as tenant administrator’s name, address, or phone number.
  • Tenant administrator contact information (for example, tenant administrator’s name, address, e-mail address, phone number)
  • Customer’s provisioning information
EndUsePseudonymousIdentifiers (EUPI) An identifier created by Microsoft tied to the user of a Microsoft service. When EUPI is combined with other information, such as a mapping table, it identifies the end user. EUPI does not contain information uploaded or created by the customer (Customer content or EUII)
  • User GUIDs, PUIDs, or SIDs
  • Session IDs
OrganizationIdentifiableInformation (OII) Data that can be used to identify a tenant, generally config or usage data. This data is not linkable to a user and does not contain Customer content.
  • Tenant ID (non-GUID)
  • Domain name in e-mail address ( or other tenant-specific domain information
SystemMetadata Data generated while running the service or program that is not linkable to a user or tenant.
  • Database table names, database column names, entity names

Classifying data in tables and fields

Table objects and field controls include the DataClassification property that you can use to tag data with one of the classifications previously described.

Dynamics NAV operates with some standard rules for classification:

  • When you add a new field to a table, the field is assigned an initial value of ToBeClassified.
  • FlowField and FlowFilter fields are automatically set to the SystemMetadata data classification. This cannot be changed.
  • Existing tables and fields (except for FlowFields and FlowFilters) in an application that has been upgraded from a Dynamics NAV version without the DataClassification property, will automatically be assigned the CustomerContent classification.


Microsoft is providing this DataClassification property as a matter of convenience only. It's your responsibility to classify the data appropriately and comply with any laws and regulations that are applicable to you. Microsoft disclaims all responsibility towards any claims related to your classification of the data.

For more information about this property, see DataClassification Property in C/AL.

Data classification on upgrade

When you upgrade an application from a Dynamics NAV version that does not contain the DataClassification property, existing tables and fields (except for FlowFields and FlowFilters) will automatically be assigned the CustomerContent classification. You can then access the DataClassification property on these tables and fields, and change the classification as needed. FlowFields and FlowFilters will be assigned the SystemMetadata classification automatically.

Bulk-classifying data

The Field Data Classification report, which is described in the Viewing current field classifications section in this topic, provides an overview of the data classifications for fields. The report also lets you assign data classifications for more than one field. For example, this is useful if you are assigning classifications for the first time, or have changed several fields and want to update their classifications. You can bulk-edit classifications only for fields in CSIDE. The script does not update fields in extensions.

To bulk-edit classifications, export the report to Excel, update the classifications, and then save your changes. Then, in Windows PowerShell, run the following commands to run the Import-Module script and set the classifications on the fields.

To run the script from the default folder on the DVD, run:

Import-Module WindowsPowerShellScripts\DataClassification\DataClassification.psm1

To update the DataClassification property, run the following command. Replace <FilePath> with the full path to the client files. For example, C:\Program Files\Microsoft Dynamics NAV\110\RoleTailored Client.

Set-FieldDataClassificationFromExcelFile -ExcelFilePath "C:\NAV\W1 Fields (Main).xlsx" -SheetName 'Field Data Classification' -RTCFolder "<FilePath>" -DBName Navision_NAV2 -OutputFolder C:\Nav2\Classifications

Viewing current field classifications

To view the data classification on all fields, you can do one of the following:

  • From Microsoft Dynamics NAV Development Environment, in the Tools menu, select Show Field Data Classification.
  • From the client, search for and open the Field Data Classification page.
  • Create a page that has the virtual table Field (ID 2000000041) as its source, and open the page in the client.

To view the data classification on all tables, create a page that has the virtual table Table Metadata (ID 2000000136) as its source, and open the page in the client.

See Also

How to: Create a Page to View a Virtual Table