Microsoft Dynamics 365 Iterative Security Assessment - 12 Week Assessment


Develop and maintain an integral and conflict-free security design of the Microsoft Dynamics 365 Finance & Supply Chain environment.

Protiviti has been consistently delivering Security and Compliance Solutions within Dynamics 365. With our extensive background in Internal Audit, we are experts in developing and maintaining an integral and conflict-free security design of the Dynamics 365 Finance and Supply Chain environment. We provide Segregation of Duties (SoD) and Security Access analysis, enabling organizations to identify and mitigate the risks associated with user access. We also provide further understanding of the overall security within the Dynamics 365 system.


  • Identify and document mitigating controls for all high-risk user SoD conflicts resulting from required role combinations
  • Maintain the integrity and conflict-free design of the Dynamics 365 Finance & Supply Chain environment by reviewing and refining security processes around user provisioning and role change management
  • Establish processes and ownership for maintaining the organization’s rulesets
  • Establish clear organizational roles and responsibilities around security governance

Activities to be Completed:

The following steps provide a brief overview of the approach when building security. As part of the security and controls team, we work with the project team by providing timely assessments to make sure roles are risk-free and user assignment minimizes risk as much as possible.

Role Level Analysis

  • Build Roles
  • Run SoD Analysis

User Analysis

  • User Mapping
  • SoD Analysis and Document Mitigating Controls

UAT and Production Migration

  • User Acceptance Testing
  • Migrate to Production


  • An SoD and Sensitive Analysis of Dynamics 365 Finance & Supply Chain Security Access
  • User Mapping and Analysis Report
  • Sensitive Access rulesets and risk ranking definitions
  • Custom Roles with SoD Analysis
  • Executive Summary Readout with observations and recommendations
  • Road map detailing next steps

The cost associated with the activity is highly dependent on the number of users and roles, and can only be truly determined on a case-by-case basis.
