How to Implement Data Masking for Sensitive Data in Dynamics 365 CRM

In today’s data-driven world, ensuring the security of sensitive information within your CRM system is crucial. Dynamics 365 CRM provides a robust mechanism to protect such data through Attribute Masking Rules. These rules help safeguard sensitive information like email addresses and credit card numbers, ensuring that unauthorized users cannot view the full details.

In this blog, we’ll walk you through the steps to set up and configure Attribute Masking Rules in Dynamics 365 CRM, with a specific focus on creating a secure masking rule for credit card details.

Step 1: You can modify or create a new Attribute masking rule from the Security section inside the Solution.

Step 2: Add the below information to create a new Masking Rule:

• UniqueName — It should be a duplicate of any other Attribute masking rule, otherwise it will not allow you to save it. Recommended — <publisherprefix>_<entityname>_<fieldname>_<SecureMaskingRule>
• Attribute — The logical name of the field on which the masking rule should be applied.
• Entity — The logical name of the entity on which the field is present.
• Secure Masking Rule — It is a rule that needs to be applied. Out-of-the-box there are a few masking rules available for your reference but you can create your own. Moving forward I have mentioned how to create Secure Masking Rules.

Here if you directly try to create the masking without enabling the field security for the column, you will get the below error —

Exception Message: Attribute ‘emailaddress1’ of entity ‘contact’ is not Secured and cannot be associated with masking rule

Users need to enable the Column Security inside the Solution for the field on which they are creating the attribute masking rule.

Below are sample Secure Masking Rules available out of the box.

Step 3: Open the Secure Masking rule to check and test the excepted result by putting the test data into the “Enter Test Data” section.

After the record is saved, you see that it will hide the actual email address and only show the domain name.

I have created a new Masking Rule to hide the Credit Card Details. If you want to create your Masking Rule then you need to learn about Regex.

Regular Expression Language - Quick Reference - .NET

Let’s set up our own Masking Rule for Credit/Debit Cards.

Set up the New Credit Card field on the Contact form and enable the Column Security.

Create a new Attribute Masking Rule and add all the configuration of the contact and its field.

After all the customization, you need to publish the customization because Attribute masking and Secure masking rules are configuration data and it will won reflect you publish it.

Result:

Here you can see the Credit Card information is entered and it is visible till you save the record.

After saving the record you can see the Email and Credit Card Information is masked based on the Secure Masking Rule.

Conclusion

Once everything is set up, you should see the credit card information masked according to the Secure Masking Rule you’ve configured. This ensures that sensitive details are protected, providing an additional layer of security within your Dynamics 365 CRM environment. By following these steps, you can confidently implement and manage Attribute Masking Rules to secure various types of sensitive data.