An ERP system provides unified business functions to organizations by integrating data and processes from different departments, such as human resources, accounts receivable, accounts payable, inventory management, and general ledger. Since the ERP system stores all the company data, ERP security is extremely important. Dynamics 365 for Finance and Operations provides a comprehensive security model to secure application access and defines the security policy for business users using security roles and data security policies.

The following diagram provides a high-level view of the security architecture used in Dynamics 365 for Finance and Operations:

As shown in the preceding diagram, there are three components of security architecture:

• Authentication: As discussed earlier in this chapter, Azure AD is used for the authentication process in Dynamics 365 for Finance and Operations. If the user is not authenticated, the connection to the application will be closed.
• Authorization: Authorization is the control of the application access. Once the user is authenticated, the Finance and Operations application determines what the user can see based on the security role they are assigned. Security roles comprise duties and privileges that are designed to secure individual user interface elements, tables and fields, reports, and service operations. The privileges defined in the application also define the access levels, such as delete, read, and write. Based on the access level, the application element access is controlled for the user at runtime.
• Data security: Data security is used to deny access to tables, fields, and rows in the database. An extensible data security framework provides the ability to filter data based on the user context. The table permission framework provides the ability for AOS servers to enforce permissions on certain tables.

As we have learned in this section, the Dynamics 365 for Finance and Operations architecture is built for the cloud and utilizes the investment and innovation happening in the Microsoft Azure cloud. The Finance and Operation development architecture allows customers and partners to extend the existing application and build new features. Using modern cloud integration technologies, you can easily integrate Finance and Operations with other applications in your organization. LCS are used for managing the application life cycle, from the initial environment provisioning to the latest updates, application health monitoring, and troubleshooting. 

With an understanding of the complete architecture, let's now learn Dynamics 365 for Finance and Operations cloud and on-premises deployment options and understand the differences between the two, as well as looking at a number of recommendations.