Why Data Masking Matters
Data security is a top priority for businesses dealing with sensitive customer information. In Dynamics 365, data masking helps prevent unauthorized users from seeing confidential data such as credit card numbers, social security numbers, and email addresses. This ensures that sensitive information remains protected while allowing authorized users to access it when needed.
This post will walk you through creating and managing data masking rules in Dynamics 365, helping you maintain compliance and security in your system.
What Is Data Masking?
Data masking is a technique that hides sensitive information by replacing it with masked characters (e.g., # or *). It ensures that only authorized users can see unmasked values, while frontline agents and other unauthorized users only see the masked data.
How It Works
- Uses regular expressions (regex) to detect sensitive data patterns.
- Applies masking rules to replace detected values with predefined masked characters.
- Ensures sensitive data is protected in forms, grids, reports, and logs.
For example, if a customer enters their credit card number, the system can automatically mask it like this:
Original: 4111-1111-1111-1234
Masked: ####-####-####-1234
Creating a Data Masking Rule
To create a new data masking rule in Power Apps:
- Go to Power Apps and navigate to your solution.
- Create a new component by selecting Security > Secured Masking Rule.
- Fill in the required details:
  - Name: cm_CreditCardMasking
  - Display Name: Credit Card Masking
  - Regular Expression: (?:4[0-9]{12}(?:[0-9]{3})?|[25][1-7][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})
  - Masked Character: #
- Test the rule using the test data field.
- Save the rule.
Once created, this rule will automatically mask all credit card numbers matching the regex pattern.

There are many websites that will help you write regex. My suggestion is to use these websites instead of trying to write regex from scratch on your own.
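An offline check of the credit card pattern before it goes into the rule, added here as an example (not code from the original post or from Microsoft). It assumes the platform replaces every character of a regex match with the masked character; apply_rule, audit and the sample values are constructed for illustration.

```python
import re

# Regular expression copied verbatim from the cm_CreditCardMasking rule above.
CARD_RULE = re.compile(
    r"(?:4[0-9]{12}(?:[0-9]{3})?|[25][1-7][0-9]{14}"
    r"|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}"
    r"|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\d{3})\d{11})"
)
MASK_CHAR = "#"

def apply_rule(value, rule=CARD_RULE, mask_char=MASK_CHAR):
    """Assumed behaviour: every character of each regex match is replaced
    by the masked character; text outside a match is left untouched."""
    return rule.sub(lambda m: mask_char * len(m.group()), value)

def audit(samples, rule=CARD_RULE):
    """Return (value, masked_value, status) for each sample.
    status is 'masked', 'partial' (digits remain visible) or 'unmasked'."""
    report = []
    for value in samples:
        masked = apply_rule(value, rule)
        if masked == value:
            status = "unmasked"
        elif any(c.isdigit() for c in masked):
            status = "partial"
        else:
            status = "masked"
        report.append((value, masked, status))
    return report

# Constructed sample inputs (test-style numbers, not real accounts).
SAMPLES = [
    "4111111111111234",                 # contiguous 16 digits
    "378282246310005",                  # contiguous 15 digits
    "4111-1111-1111-1234",              # hyphenated form from the post's example
    "4111 1111 1111 1234",              # space-separated form
    "card 5500000000000004 exp 12/29",  # number embedded in free text
]

if __name__ == "__main__":
    for value, masked, status in audit(SAMPLES):
        print(f"{status:9} {value!r} -> {masked!r}")
```

The hyphenated and space-separated samples come back unchanged, so a column that stores formatted card numbers needs a pattern that accounts for the separators.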
Managing Data Masking Rules
After creating a masking rule, you can edit, activate, deactivate, or delete it.
Editing a Masking Rule
- Go to Power Apps > Solutions.
- Select the masking rule you want to edit.
- Modify the regex pattern or masked character.
- Save the changes.
Deleting a Masking Rule
- Navigate to Power Apps.
- Locate the masking rule.
- Click on the ellipsis (…) and select Delete.
⚠ Note: You can only have up to 10 active masking rules at a time.
Assigning Masking Rules to Columns
Once you create a masking rule, you need to assign it to a specific column.
- Go to Power Apps > Tables.
- Select the table containing the sensitive column.
- Click on Columns > Edit.
- Under Advanced options, enable Column Security.
- Select the Masking Rule from the dropdown.
- Save the changes.
Now, any data entered in that column will be automatically masked.

Controlling User Access to Masked Data
You can define who can see unmasked data using Column Security Profiles.
- Read (Masked): Users see only masked values.
- Read Unmasked (One Record at a Time): Users can view unmasked values for individual records.
- Read Unmasked (All Records): Users can view unmasked values across multiple records (highly restricted).
To manage these permissions:
- Go to Power Apps > Security.
- Select Column Security Profiles.
- Assign permissions to users or teams.

Viewing Unmasked Data via API
Users with unmasked read permissions can retrieve unmasked data using the Web API.
Example API Calls
- Get all masked columns in a record:
  GET https://yourorg.api.crm.dynamics.com/api/data/v9.1/contacts(recordid)?UnMaskedData=true
- Retrieve a specific masked column:
  GET https://yourorg.api.crm.dynamics.com/api/data/v9.1/contacts(recordid)?$select=cm_creditcard&UnMaskedData=true
Conclusion
Data masking is a crucial feature in Dynamics 365 to protect sensitive customer information while still allowing necessary access. By setting up masking rules, assigning them to columns, and managing user permissions, you can ensure data security and compliance in your system.