Backend security considerations

From Resco's Wiki
Security Guide


Resco mobile apps can connect to multiple CRM systems. Regardless of the target backend system, some security aspects remain the same:

  • Make sure that there is a reliable and secure network connection between mobile devices and the backend servers.
  • Keep your servers up-to-date with the latest security updates.
  • Configure your servers to reject all unauthorized requests.

Microsoft Dynamics CRM / Dynamics 365 (on premises)

The minimal infrastructure requirement to support synchronization with the Dynamics CRM server is that the web services and authentication services must be reachable by the client. If you configure internet-facing access, then the authentication service (for example via Active Directory Federation Services, ADFS) must also be accessible externally.

If neither the Dynamics CRM (or Dynamics 365 on-premises) server nor the ADFS endpoint is exposed to the Internet, then access by external/mobile clients should go through a trusted tunnel or network path — for example a VPN or DirectAccess connection.

Note: By default, many on-premises Dynamics CRM deployments use HTTP (unencrypted) for client ↔ server communication, which is highly insecure for internet-facing scenarios. We strongly recommend protecting data in transit and limiting the attack surface, for example by enabling HTTPS and requiring TLS (preferably TLS 1.2 or higher) on all web endpoints (including ADFS).
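One way to verify the recommendation above from a client machine, as an added example that is not part of the original page or of Resco's or Microsoft's tooling: the script checks that each endpoint URL is HTTPS, that a certificate-verified TLS 1.2+ session can be established, and that a TLS 1.0/1.1 handshake is refused. The host names, the function names and the `probe` parameter are assumptions made for this illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

V = ssl.TLSVersion

def handshake(host, port, lo, hi, verify=True, timeout=5.0):
    """Return the negotiated protocol name, or None if no session is established."""
    try:
        ctx = ssl.create_default_context()
        if not verify:
            # The legacy probe only asks "is the protocol accepted?", not "is the peer trusted?".
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            # Assumption: OpenSSL-backed Python; lets this client offer TLS 1.0/1.1 at all.
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        ctx.minimum_version, ctx.maximum_version = lo, hi
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except (OSError, ValueError):  # ssl.SSLError and DNS errors are OSError subclasses
        return None

def audit(url, probe=handshake):
    """Check one endpoint URL against the HTTPS / TLS 1.2+ rule; returns (ok, reason)."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return (False, "not an HTTPS URL")
    host, port = parts.hostname, parts.port or 443
    modern = probe(host, port, V.TLSv1_2, V.MAXIMUM_SUPPORTED)
    if modern is None:
        return (False, "no verified TLS 1.2+ session")
    legacy = probe(host, port, V.TLSv1, V.TLSv1_1, verify=False)
    if legacy is not None:
        return (False, f"also accepts {legacy}")
    return (True, f"{modern} only")

# Constructed placeholder endpoints; replace with your own CRM and ADFS URLs.
ENDPOINTS = ["https://crm.example.com/", "https://adfs.example.com/"]

if __name__ == "__main__":
    for url in ENDPOINTS:
        ok, reason = audit(url)
        print(f"{'PASS' if ok else 'FAIL'}  {url}  {reason}")
```

If the local OpenSSL build cannot offer TLS 1.0/1.1 at all, the legacy probe fails on the client side and its result says nothing about the server; confirm the server-side protocol settings in that case.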

Microsoft Power Platform / Dynamics Online

The cloud version of Dynamics 365 and the broader Power Platform offer a distinct security model compared to on-premises solutions: infrastructure is largely managed by Microsoft, but you still retain responsibility for configuration, access control, data governance, and integration policies (see guidance by Microsoft). By default, the system is designed to be securely accessible from the internet and is ready to use. We recommend using MSAL authentication.

Salesforce

In addition to the HTTPS network connection to the Salesforce cloud, the Resco Mobile solution requires the target Salesforce organization to have API Access enabled. It is also crucial that Resco Cloud, which is used for storing customizations and metadata (https://connect.rescocrm.com), is accessible from the mobile device.

Resco Cloud

Servers in Resco Cloud are by default configured to be accessible over the internet by the Resco Mobile solution; no special configuration is necessary. Resco Cloud uses the HTTPS protocol for all communication. When it is deployed as a Private Cloud solution, the company infrastructure must make sure the servers are accessible from mobile devices.