locked
Dynamics 365 CRM Vulnerability and Penetration Testing possibilities? RRS feed

  • Question

  • I am working with a customer who will be rolling out CRM in Dynamics 365. The client is interested to perform the following on their entire staging environments including D365 CRM:

    Performance testing 
    Vulnerability and Penetration Testing

    I understand Azure has an established process for Penetration testing by customers as outlined here: https://security-forms.azure.com/penetration-testing/terms

    Is there a similar process for D365 for these testing? I would imagine Performance testing won't be an issue, and the tenant configuration would be the only limiting factor. However, I am interested to understand the current position on this, and also for all three types of testing. Feedback is greatly appreciated.
    Sunday, March 5, 2017 6:25 PM

Answers

  • For Dynamics 365 CRM, Microsoft forbid the penetration test, the reason given from Microsoft PG team is Dynamics 365 CRM provide the service as SaaS, Microsoft provide the server and application, so any penetration test is not allowed.

    Performance test, i did not have this idea about if it's allowed or not, you can raise up a ticket to Microsoft support for help.


    Michael Ma

    Monday, March 6, 2017 3:28 PM

All replies

  • For Dynamics 365 CRM, Microsoft forbid the penetration test, the reason given from Microsoft PG team is Dynamics 365 CRM provide the service as SaaS, Microsoft provide the server and application, so any penetration test is not allowed.

    Performance test, i did not have this idea about if it's allowed or not, you can raise up a ticket to Microsoft support for help.


    Michael Ma

    Monday, March 6, 2017 3:28 PM
  • Thanks Michael, that's helpful. Appreciate your response.
    Tuesday, March 7, 2017 8:52 AM