The Microsoft trust center provides a very nice summary of the security concepts related to Dynamics 365 Online. The information on this page mentions Dynamics CRM Online, but the same is relevant for Dynamics 365.
https://www.microsoft.com/en-us/trustcenter/Security/CRMSecurity
The security related to Dynamics CRM can be defined in the following areas:
- Secure Identity
- Secure infrastructure
- Secure apps and data
Secure Identity
Dynamics CRM Online uses the Microsoft identity platform for access & authentication which is the same as any other Office 365 app. The login & password that you use to access Office 365 will be used to access CRM Online as well. Office 365 platform provides you with various versions of the Azure Active Directory. You will have access to the directory once you sign up with any of the Office 365 services. Different versions and the functionality that it provides are listed here: https://www.microsoft.com/en-us/cloud-platform/azure-active-directory-features
If your requirements are to restrict access to CRM during business hours or implement two-factor authentication for CRM Online access, then you would need to get AAD (Azure Active Directory) premium edition. The login and access to CRM Online can be configured to specific requirements and detail with the AAD Premium versions beyond just the one that is included when you sign-up for CRM Online.
Secure Infrastructure
Dynamics CRM Online has been hosted and implemented on the robust cloud infrastructure put in place by Microsoft. Microsoft has invested in making reliable infrastructure with online security as well as physical security of its data centers and the above links provide information in detail on the security of its data centers. They also provide information on Microsoft’s efforts to combat online threats through proactive risk management.
Secure apps and data
Dynamics CRM Online as an application provides various options for securing the application and data access for its Users. The application configuration along with licensing and data ownership provides all the means to secure your data and configure the application based on your security requirements. It provides security within the application along with the following topics:
Business Units
Role-based security
User-based access and licensing
Teams
Record-based security
Hierarchy security
Field-based security
Each of the above configuration options can be setup to the security desired by the application and data that will be stored and accessed in CRM Online. All of the topics warrant a requirements discussion and an implementation of a combination of these features to leverage the functionality and get the desired results without compromising any performance or data security.