Security in Business Central SaaS: A Comprehensive Overview

Published: 16 October 2023

In recent years, Cloud ERPs like Business Central Software as a Service (SaaS) have gained immense popularity due to their enhanced flexibility and heightened security measures. These cloud-based solutions not only provide the freedom to work from any location but also offer robust security features.  

With a staggering 43% of cyber-attacks targeting small and medium-sized enterprises, it’s vital to protect the information held within your business for both your organisation and your customers. Effective security measures include setting appropriate user permissions, password protocols (like changing your password every 90 days) and employing top of the range antivirus software. Without these measures, the security of solutions like Business Central could be compromised.  

Understanding the Security of Business Central SaaS  

Business Central, a product of Microsoft, is subject to the rigorous standards outlined in Microsoft’s Modern Life Cycle Policy. This ensures a steady stream of updates, including major ones every six months, enhancing the platform’s security and functionality. The platform also employs ‘application security’ measures to bolster its security, irrespective of the hosting environment. The security approach within Business Central SaaS is layered and encompasses critical elements:  

  1. Authentication: Verification of user identity is a prerequisite before granting access to your Business Central account.  
  2. Authorisation: Post authentication, specific permissions are granted for accessing pages, reports, and other functionalities.  
  3. Auditing: Business Central boasts comprehensive auditing features, facilitating the monitoring of logins, permissions, data modifications, and more.  
  4. Data Encryption: Data on the Business Central server is securely managed through the generation or import of encryption keys.  
  5. Security Development Lifecycle (SDL): This approach integrates security compliance and necessary requirements into the software development process, aiding in building secure software.  

Ensuring Data Security in Business Central  

Microsoft actively contributes to the online security of Business Central by employing robust authentication and encryption methods. Business Central uses Azure AD for authentication, automatically set up and managed for users. This authentication is further strengthened through Transparent Data Encryption (TDE). TDE is also extended to all backups, and encryption protocols secure all network traffic within the service.  

Data backups play a pivotal role in ensuring data security. When utilising Business Central SaaS, it is deployed in a Microsoft Azure data centre. Within the data centre, backups occur weekly (full database backups), hourly (differential database backups), and every five minutes (transaction log backups). These backups are retained for a period of two weeks.  


Business Central SaaS ensures not only the convenience of cloud-based operations but also a strong security infrastructure. Microsoft’s security measures, regular updates, and a holistic approach to data security make Business Central SaaS a secure and reliable choice for businesses of all sizes. The emphasis on authentication, encryption, and comprehensive backups further underlines its commitment to safeguarding critical business data and operations.  

Want to learn more?

Download our guide to Business Central

You will be asked to provide contact details before you can access the downloadable file above.

Read More

Why using multiple layers of backup is a necessity

11 April 2024

It's important to backup. Ransomware risks continue to rise and files can become corrupted. Read our blog to find out more.

MFA: why you need additional Cyber Security defence  

14 March 2024

MFA (Multi Factor Authentication) is a great tool for adding an extra cyber protection, however it's not enough on its own.

Is an annual penetration test really necessary?

13 March 2024

Do you need an annual Penetration Test? Our CTO Simon Barnes discusses everything from what is insurance mandated and the risks involved.