Dynamics 365 access governance: are your controls keeping up?


(@nhi-mgmt-group)

TL;DR: Delinea’s DynamicsCon and DynamicsMinds resource roundup centers on access governance for Microsoft Dynamics 365, with emphasis on Segregation of Duties, license compliance, telemetry, and business-application risk management as identity controls strain under AI adoption and broader operational complexity. The underlying issue is not feature breadth but whether governance teams can still see, prove, and enforce access decisions fast enough.

NHIMG editorial — here’s why we think this discussion matters

By the numbers:

Questions worth separating out

Q: How should teams govern access in Dynamics 365 environments?

A: Start with business transactions, not directory roles.

Q: Why do enterprise applications complicate IAM more than standard user directories?

A: Enterprise applications embed process logic, approvals, and data paths that directory IAM does not understand.

Q: What is the difference between access review and access governance?

A: Access review checks whether a permission still looks appropriate.

Practitioner guidance

  • Map SoD conflicts to business transactions: Identify the specific Dynamics 365 actions that should never be held by the same identity, then test roles and exceptions against those combinations before production approval.
  • Use telemetry to remove dormant access: Tie access review to observed use, then revoke entitlements and licenses that show no legitimate activity over a defined review window.
  • Separate human and non-human access paths: Document service accounts, integrations, and delegated admins as distinct control classes so they are reviewed differently from end users.

Dynamics environments expose how quickly access risk moves from human role management into service accounts, workflow automation, and delegated administration, which means control owners need one policy model for both people and NHIs.

👉 Read Delinea’s Dynamics 365 access governance resources and report →

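The three practitioner-guidance steps in the post above, worked through as an added example that is not part of the original post or of Delinea's material. The transaction labels, roles, identities, telemetry dates and the per-class review windows are all constructed assumptions, not real Dynamics 365 privilege names or settings.

```python
from datetime import date, timedelta

# All names and data below are constructed; the transaction labels are
# hypothetical and are not real Dynamics 365 privilege names.
SOD_RULES = [("vendor.create", "payment.approve"), ("journal.post", "journal.approve")]
ROLES = {  # role -> business transactions it permits
    "AP Clerk": {"vendor.create", "invoice.enter"},
    "AP Manager": {"payment.approve"},
    "GL Accountant": {"journal.post"},
    "Integration Sync": {"vendor.create", "payment.approve"},
}
ASSIGNMENTS = {  # identity -> (control class, assigned roles)
    "alice": ("human", ["AP Clerk", "AP Manager"]),
    "bob": ("human", ["GL Accountant"]),
    "svc-erp-sync": ("nhi", ["Integration Sync"]),
}
LAST_USED = {  # telemetry: (identity, transaction) -> last observed use
    ("alice", "vendor.create"): date(2024, 5, 28),
    ("alice", "payment.approve"): date(2024, 5, 30),
    ("alice", "invoice.enter"): date(2023, 11, 2),
    ("bob", "journal.post"): date(2024, 5, 1),
    ("svc-erp-sync", "vendor.create"): date(2024, 5, 31),
}
WINDOW_DAYS = {"human": 90, "nhi": 30}  # assumed review windows per control class
SAMPLE_TODAY = date(2024, 6, 1)  # constructed review date

def effective(identity):
    """Union of transactions granted through every role the identity holds."""
    return set().union(*(ROLES[r] for r in ASSIGNMENTS[identity][1]))

def sod_conflicts(identity):
    """SoD rules whose transactions are all held by this one identity."""
    held = effective(identity)
    return [rule for rule in SOD_RULES if set(rule) <= held]

def dormant(identity, today):
    """Held transactions with no observed use inside the class's window."""
    cutoff = today - timedelta(days=WINDOW_DAYS[ASSIGNMENTS[identity][0]])
    return sorted(t for t in effective(identity)
                  if LAST_USED.get((identity, t), date.min) < cutoff)

def review(today):
    """Per-identity report: control class, SoD conflicts, dormant access."""
    return {i: {"class": ASSIGNMENTS[i][0], "sod": sod_conflicts(i),
                "dormant": dormant(i, today)} for i in ASSIGNMENTS}

if __name__ == "__main__":
    for identity, row in review(SAMPLE_TODAY).items():
        print(identity, row)
```

In the constructed data, the service account's conflict comes from a single integration role rather than a combination of roles, and the telemetry shows it has never used `payment.approve`, so revoking that dormant entitlement also clears the SoD conflict.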
(@mr-nhi)
 

Dynamics 365 access governance is now an operational control plane, not an audit afterthought. ERP and CRM platforms concentrate financial authority, change rights, and data visibility in ways that make access decisions business-critical. Once service accounts, delegated admins, and workflow identities are involved, the line between IAM and NHI governance disappears. Practitioners should treat Dynamics access governance as a continuous control function, not a periodic certification exercise.

A few things that frame the scale:

  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, which is why identity governance has to cover delegated access paths as well as direct logins.

A question worth separating out:

Q: Should organisations treat service accounts like user accounts in Dynamics controls?

A: No. Service accounts should be governed as non-human identities with distinct ownership, purpose, rotation, and review requirements. They often have broader or less visible access than people, so the controls need to focus on lifecycle, usage, and blast radius rather than simple identity attributes.

👉 Read our full editorial: Dynamics 365 access governance exposes the gap between controls and AI



   