Security has always been a cornerstone of Microsoft’s product philosophy—and for good reason. In fact, it’s been almost a year since Microsoft published its “Prioritizing Security Above All Else” memo, launching the Secure Future Initiative. This approach is grounded in three core principles: Secure by Design, Secure by Default, and Secure Operations.
As a Dynamics 365 implementation agency, I recently attended a Microsoft webinar that shed light on upcoming capabilities around User Security Governance (USG) in Finance and Operations (F&O) apps. Below is a summary of the key takeaways and how these enhancements can help you stay secure, compliant, and cost-effective.
Current Challenges with User Security
Managing user roles, licensing, and security configurations in D365 F&O has long been a complex undertaking—especially for larger organizations running transformational programs. Common challenges include:
- Difficulty defining appropriate security roles during implementation and testing phases
- Admin-heavy go-lives due to delays in role definitions
- Inappropriate access leading to potential fraud or reporting errors
- Lack of visibility and control to meet internal or external audit requirements
- Dependence on ISV add-ons to meet compliance and security standards
And now, with the growing presence of generative AI, the urgency to safeguard sensitive data is even greater.
Introducing User Security Governance (USG)
The upcoming User Security Governance features aim to address these pain points natively in the D365 F&O platform—eliminating the need for additional third-party tools. Once enabled, USG will deliver a comprehensive set of tools to:
- Simplify role creation
- Provide licensing visibility
- Improve audit readiness
- Enhance privilege and access control
Here’s what’s coming.
Key Features and Improvements
Process-Based Security Role Creation
Traditionally, security roles in D365 were built using pre-defined objects—roles, privileges, duties, and entry points. With USG, you’ll now be able to build roles directly from your business processes.
Using tools like Task Recorder, you can capture end-to-end processes and import them into the USG module. The system will automatically extract relevant entry points and generate a role template based on actual activity—making security setup faster, more accurate, and more aligned with your operations.
Import Security Hierarchies
In addition to Task Recorder, USG supports role and hierarchy creation via XML file imports, allowing for a quicker setup of complex security frameworks. This is especially useful during implementation or restructuring phases.
Temporary Role Assignment
System administrators will now have the ability to assign roles temporarily—for instance, to cover someone on parental leave. Once the defined period ends, the extra permissions are revoked automatically. No manual follow-up needed.
Privileged User Management (Firefighter Roles)
Need to grant elevated access for a specific task—like performing a budget audit over the weekend? The Firefighter Role feature lets you assign temporary privileges for a defined session and automatically records all activity for audit purposes.
Segregation of Duties & Privileges
To prevent overlapping roles and reduce licensing costs, USG will support continuous monitoring of segregation of duties (SoD). This makes it easier to maintain a clean, compliant, and cost-efficient security model.
License & Compliance Reporting
Several powerful new reports are coming:
- License Consumption Reports – View usage by role, duty, privilege, and entry point
- User Aging Reports – Analyze login frequency and activity levels to evaluate license needs
- Role Audit Trails – Track changes to user roles and access levels over time
- Versioning – Maintain snapshots of your security architecture for historical comparison or rollback
- Duty Substruction – Create new roles by modifying or reducing existing ones
Together, these tools provide a 360° view of your security and licensing landscape, giving system admins the insights they need to optimize both compliance and cost.
Built to Support the Full Lifecycle
Microsoft’s Business Process Catalog continues to expand and now includes supporting processes like “administer to operate”. That means these new USG features are relevant not just during implementation, but across the full D365 lifecycle—from setup to ongoing compliance monitoring and user access management.
If you haven’t already, I highly recommend reviewing the Business Process Catalog to see how these features fit into your end-to-end process landscape.
Final Thoughts
User Security Governance is a significant leap forward in how security is managed within Dynamics 365 Finance & Operations. From more intuitive role creation to audit-ready reporting, these features aim to:
- Strengthen security posture
- Improve admin efficiency
- Reduce licensing costs
- Boost compliance
As a D365 implementation partner, I see these updates as a game-changer for clients navigating growth, complexity, and regulatory demands.
Have questions about how to prepare or enable these features in your environment? Reach out — I’d be happy to discuss how USG can benefit your business.