Success by design security checklist for key activities in application security

Privacy and compliance

Done? Task
Understand the responsibilities of the service provider as a data processor and the customer responsibilities as the owner and data controller. Make sure both sides comply with the relevant laws and regulations.
Review the Dynamics 365 cloud service agreements and compliance documentation. Learn about the policies and procedures for handling data, disaster recovery, data residency, and encryption.

Identity and access

Done? Task
Create an identity management strategy that covers user access, service accounts, application users, federation requirements for single sign-on, and conditional access policies.
Create administrative access policies for different admin roles on the platform, such as service admin and global admin.
Apply the relevant data loss prevention policies, and follow the procedures to make changes or request exceptions.
Have the necessary controls to manage access to specific environments.

Application security

Done? Task
Understand the app-specific security features and use the native access control mechanisms instead of customizing the build.
Understand that hiding information from the view doesn't remove access. There are other ways to access and extract information.
Understand the impact of losing the security context when you export the data.
Optimize the security model for performance and scalability by following the security model best practices.
Have a process to map changes in the organization structure to the security model in Dynamics 365. Apply those changes carefully and sequentially to avoid unwanted cascading effects.

Next steps