User Security Governance in Dynamics 365 Finance and Supply Chain Management (D365F&SCM)

USER SECURITY GOVERNANCE IN DYNAMICS 365 FINANCE AND SUPPLY CHAIN MANAGEMENT (D365F&SCM)

CONTENT Overview User security governance features Conclusion

OVERVIEW

User Security Governance in Dynamics 365 Finance and Operations (D365FO) provides organizations with a structured framework to define, monitor, and manage user access, ensuring users have only the permissions necessary for their roles. This new Security Governance feature is available in the System administration module. It was introduced in preview with version 10.0.43 (2025 release wave 1) and became generally available with version 10.0.44, requiring activation in the Feature Management workspace.

The solution focuses on core capabilities such as detailed reporting for segregation of duties (SOD) and privileged access, process-based role and duty management, creation of new roles from existing objects, temporary role assignments, and privileged user management for time-bound access. These features simplify permission setup, particularly during new implementations, help prevent unauthorized activity, reduce errors, and support regulatory compliance with built-in audit and reporting tools. By aligning user roles with appropriate license types, organizations can also achieve cost efficiency while maintaining control and transparency across their security model.

USER SECURITY GOVERNANCE FEATURES

User security governance provides the following functionality:

Design process-based security roles, duties and privileges: A process hierarchy provides a way to organize and manage the business processes in your company. After you define the process hierarchy for your company, you can assign various tasks, and define roles, entry points, and privileges according to the business requirements. This feature has 2 components.

Security category: Security categories are custom-defined labels or tags used within “Process roles maintain” to group and categorize roles by business stream, department, function, or any logical grouping relevant to your organization. My sample categories are as follows.

Go to System administration > Security > Security governance > Security category

Process hierarchy: The process hierarchy is the foundation of organizing security role components in Dynamics 365 Finance and Operations. This step is critical because it ensures that security design aligns with how the business actually operates. Organizations should invest sufficient time in analyzing and identifying the tasks that are relevant to their specific business processes.

Once the applicable tasks are defined, the system provides the framework to configure and fine-tune security roles.

Go to System administration > Security > Security governance > Security process roles maintain

Within this screen, you can:

• Create new roles.
• Rename and restructure existing roles.
• Organize tasks under the appropriate role.
• Create duties and privileges manually.
• Generate duties and privileges automatically from task recordings.

By carefully managing the process hierarchy, companies establish a clear and logical security structure that not only meets compliance requirements but also simplifies ongoing maintenance and scalability of security in D365FO

Lastly, synchronize function syncs any changes done directly into security duties and privileges on the Core security configuration page.

When duties, privileges, and roles are created from Security governance and published to core security configuration, users can edited them in Security configuration by either adding or removing entry points. By doing this, the security object is different between two pages.

To restore changes from security configuration into security governance, use the Synchronize feature by selecting a process hierarchy level.

Go to System administration > Security > Security governance > Security process role maintain.

On the header, select Synchronize to use the feature.

Other Features

This new module allows admins to 

• Grant time-bound elevated privileges to dedicated accounts through privileged user management. We will discuss this in the next article in detail.
• Continuously monitor segregation of duties and separation of privileges. Define a threshold, and control the creation of duties/privileges that have overlapping entry points.
• Use the security audit trail to track changes that are made in user security governance.

CONCLUSION

User Security Governance in D365F&SCM introduces a governance framework that links security design directly to business processes. By leveraging a process hierarchy, organizations can create meaningful security models that align with how operations are actually performed, rather than relying on generic role structures. The module also addresses long-standing challenges such as managing privileged accounts, offering time-bound elevated access that reduces risk exposure while supporting operational needs.

Built-in monitoring and reporting, including segregation of duties analysis and audit trails, provide the transparency required for compliance and external reviews. At the same time, features such as task-based duty generation and synchronization with core security simplify ongoing maintenance and keep design consistent across environments. When combined with licensing optimization, these capabilities deliver both stronger controls and measurable cost efficiency.

In practice, this module helps organizations balance usability, compliance, and scalability. It reduces manual effort, minimizes audit risks, and provides a flexible structure that can evolve with the business. For companies seeking to strengthen their control environment in Dynamics 365 while streamlining administration, User Security Governance represents a significant step forward.