Skip to main content

User Security Governance (Preview) feature in D365 FO

Let's take a first look at User security governance. It is the latest set of features in the D365F&O 10.0.43 update which provides useful tools to System administrators for role management, licenses auditing, enhanced audit trails and versioning, supported with some useful very useful reports around license usage, separation of duties violations etc.

Key aspects of this feature include:

  • Role Management: Improved tools for creating, modifying, and managing user roles.
  • Audit Trails: Enhanced tracking of changes made to security settings, helping administrators monitor and review security configurations.
  • Compliance: Tools to ensure that security settings comply with organizational policies and regulatory requirements.

Feature management

A new feature called (Preview) User security governance has been added to Feature management to control the overall functionality.

Navigate to System administration > Security > Security governance to explore all the features.

Security analysis
A list of different roles with their corresponding privileges, alongside their access levels such as read, update, create and delete.

Click on User entry points to see a view of roles and their users, duties and their users, privileges and their users, and menu items and their users.


License usage summary
Useful for organizations trying to determine the level of access that individual users have, and for optimizing license allocations by controlling access points to different form

Security category
Is meant to keep track of security categories. 

User activity aging
Keeps track of user log on sessions


Security versions
Currently empty

Role audit trail
Currently empty

Temporary role management
Assign elevated levels of access to a user on a temporary basis


Roles violating segregation of duties rules
Violations related to segregation of duties
Privileged user management
Allow temporary elevated access for users to be privileged user


New Security Setup section on form information
A new section called Security setup has been added to the form information. This Security setup section is meant to provide the name and type of the Menu item, as well as the required permissions for the form access.

Click View permissions to see all the permissions required to access this form
For a more detailed overview, you can check out this video introduction

A techtalk is also scheduled to discuss User Security Governance Overview​ in Dynamics 365 Finance and Operations and how you can enhance your organization’s security posture, streamline role management, and optimize licensing costs with this feature. More information on the upcoming techtalk here.

Comments

Post a Comment

Popular posts from this blog

Conditionally Hiding Menu Items in D365 FinOps Menus Without Using Feature Keys

In Microsoft Dynamics 365 Finance and Operations (D365 F&O), menu items are the links that can be clicked on to access forms, reports, classes, jobs, and queries. Feature keys are typically used to control the visibility of menu items based on user licenses. However, there are scenarios where you might want to hide menu items conditionally without relying on feature keys.  This can be accomplished by extending the 'SysMenuNavigationObjectFactory' class and modifying the checkAddSubMenu(...) method.  Suppose we want to hide the  Vendor payment journal menu item under Accounts payable > Payments > Vendor payment journal Steps 1. Create an extension of the SysMenuNavigationObjectFactory class [ ExtensionOf ( classStr (SysMenuNavigationObjectFactory))] internal final class SysMenuNavigationObjectFactory_PS_Extension { } 2. Create a Chain of Command (CoC) for the checkAddSubMenu method [ ExtensionOf ( classStr (SysMenuNavigationObjectFactory))] internal final...
Post a Comment
Read more

Microsoft Dynamics 365 FSCM Licensing - New Multi-License Mapping on Menu Items

Licensing in enterprise systems has long been a game of mapping menu items to license types, ticking boxes, and hoping your role design didn’t trigger unexpected costs. But with the 2025 updates to Dynamics 365 Finance and Operations, Microsoft has flipped the script—ushering in a smarter, more flexible model that reflects how users actually work. Let’s break it down. In the legacy model, each menu item was tied to a single license type. For instance, if a user accessed MenuItemA that had a Finance license type on it, they needed a Finance license. If they accessed MenuItemB with SCM assigned on it, they needed SCM. Simple? Yes. But also rigid, prone to over-licensing, and blind to real-world role overlap. Example:  This model treated licensing like a static blueprint—ignoring the nuance of blended roles, attach licenses, and shared responsibilities across departments. Fast forward to 2025. Microsoft’s new licensing logic is object-level, dynamic, and context-aware. Now, a single m...
1 comment
Read more