1. Visit our Focus Rooms Evaluation of Implementation Proposals by Dynamics AX R&D Solution Architecture & Industry Experts Gain further insights on Dynamics AX Industry Solution Offerings Resolution Guidance on Solution Roadblocks Networking Focus Topic Highlight Business Intelligence Tuesday 2.15pm – 5.45pm Risso 6C Risso 8A Risso 7B Risso 7A Risso 6C Risso 6A/B

2. NICE,FRANCE LEARN | INSPIRE | INNOVATE TECHNICAL CONFERENCE 2011

3. DEPLOYING AND MANAGING SECURITY USING THE NEW ROLE-BASED SECURITY MODEL PARTH PANDYA SESSION CODE : BRK222 MICROSOFT DYNAMICS AX R&D MICROSOFT CORPORATION

4. DISCLAIMER ©2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. Other names and brands may be claimed as the property of others. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. All pre-release product release dates and features specified are preliminary based on current expectations, and are subject to change without notice. Microsoft may make changes to specifications and product descriptions at any time, without notice. Sample code included in this presentation is made available AS IS. THE ENTIRE RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS PRESENTATION. Microsoft products are not intended for use in medical, life saving, or life sustaining applications.

5. Today we will show you… Introduction to the Role-based security framework Ease of security administration using the new framework How to manage user’s access to data using data security policies How to enable external users access to data

6. Components in action today

7. Pains and challenges Chris - IT Manager Needs to become compliant with security requirements for the organization Needs to ensure that the system meets segregation of duty requirements Needs the system to react to changing business requirements without his extensive involvement Needs to isolate internal system resources from external users of the system, like customers and vendors Needs the ability to model and manage data security policies to support complex business requirements

8. Security Concepts Overview

9. Dynamics AX 2012 Security Now Enables… Faster Implementation building upon a comprehensive set of Role definitions Role-tailored User Experience that adapts to dynamic business requirements Comprehensive Data Security modeled as per unique business requirements Extending ERP Functionality to external users without risk to intranet resources Making Security and Simplicity Coexist

10. Product Demos #TitleKey Features 1.Role-Based SecurityRole definitions Role-tailored User Experience Administration UI 2.Managing User’s Access to Data Dynamic Role Assignment Data Security Policy enforcement 3.Enabling External User AccessClaims-aware user provisioning Flexible authentication

11. Fleet Management Business 1.FM Inc. has multiple branches and locations in the states of Washington (WA) and California (CA) 2.FM Inc. sometimes uses vendors to manage its car rentals Marie Branch Manager Chris IT Engineer Terrence Rental Clerk Lisa Rental Clerk

12. demo Demo 1: Role-Based Security

13. DEMO 1: Role-Based Security PersonaPain Points and ChallengesFeatures CoveredResults and Benefits Configuring and managing security is a complicated task Role definitions Administration UI Role-tailored experience Customers can choose from a comprehensive set of baseline role definitions Faster and more reliable security implementation Chris

14. Permissions (20,000+) Permissions (20,000+) Privileges (5777) Privileges (5777) Duties (767) Duties (767) Roles (80) Roles (80) Process Cycle Group of duties for a job function e.g. “Branch Manager” Group of related privileges required for a job function e.g. “Basic Duties” Group of entry points with associated access levels e.g. “View Customer Records” Group of base objects and required permissions e.g. “CustomerTable” Role-based Security Concepts

15. Role Design Principles Least Privilege Segregation of Duties Manager Employee Reports to Supervisor Clerk/Agent Verifier Source document Verify Authorize Records RecordingVerificationAuthorizationManagerial review Clerk/AgentVerifierSupervisorManager

16. demo Demo 2: Managing User’s Access to Data

17. DEMO 2 : Managing User’s Access to Data PersonaPain Points and ChallengesFeatures CoveredResults and Benefits Users need their security settings explicitly modified when there is a change in position or job duty Dynamic Role AssignmentUser is dynamically assigned to appropriate roles based on preconfigured rules, thereby saving administrative costs and time Large numbers of policies required to enforce security requirements X++ coding required to ensure comprehensive enforcement Data Security Policy enforcement Rich Data Security Policies modeled as per business requirements Chris

18. Extensible Data Security Conceptual Model Role/Application Context Primary Table Constrained Table Query Results

19. Extensible Data Security : Concepts & Value

20. Runtime Query Augmentation SELECT * FROM SalesTable T2 WHERE T2.amount > 1000 SELECT * FROM SalesTable T2 WHERE T2.amount > 1000 SELECT * FROM SalesTable T2 WHERE (T2.amount > 1000 SELECT * FROM SalesTable T2 WHERE (T2.amount > 1000

21. demo Demo 3: Enabling External User Access

22. DEMO 3 : Enabling External User Access PersonaPain Points and ChallengesFeatures CoveredResults and Benefits Requiring all Dynamics AX users to also be Active Directory users introduces management costs Limits scenarios involving external users Claims-aware user provisioning Flexible authentication External users can now access the Dynamics AX system without being AD users Scenarios such as the Vendor Self-Service and Customer Self-Service are now enabled Chris

23. Flexible Authentication Architecture Dynamics AX Database User Database Active Directory User Live ID User AD Federated User Forms-Based Authentication User Active Directory ADFS AOS (Application Object Server) Forms-Based Authentication Provider Membership Provider(s) LiveID Provider ADFS Provider Active Directory Provider Custom STS

24. Top Tips from the Session Plan for role-based deployment – What access does each job function need? Review out-of-the-box role definitions supplied with the product Customize role definitions as per design guidelines and maintain overrides as required Design roles following the principles of least-privilege usage Create and manage Segregation of Duties rules if required Create dynamic role assignment rules to deal with common administrative tasks Maintain user-role-organizational assignment to seamlessly apply data security Identify scenarios where you want external users to access your system

25. With This Release You Now Can…

26. Related sessions BRK223 – A Developers guide to Role-base Security (RBS) and eXtensible Data Security (XDS) CHK211 – Security: Developing and Administering with the new RBS and XDS Frameworks Q&A ILL204 – Security Model Setup BRK221 – Code Upgrade Tools for Developers

27. Visit our Focus Rooms Evaluation of Implementation Proposals by Dynamics AX R&D Solution Architecture & Industry Experts Gain further insights on Dynamics AX Industry Solution Offerings Resolution Guidance on Solution Roadblocks Networking Focus Topic Highlight Business Intelligence Tuesday 2.15pm – 5.45pm Risso 6C Risso 8A Risso 7B Risso 7A Risso 6C Risso 6A/B

28. Q&A

29. © 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows 7 and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.