
Microsoft MVP | Dynamics 365 CE Presales Engineer - Director at RSM US LLP | LinkedIn Learning Author
The YouTube video by Dian Taylor - [MVP] (Dynamics 365 Talk) explains new Dataverse capabilities for masking sensitive values at the column level. In it, Taylor contrasts the legacy column-level security model with the more flexible masking rules that are now in preview. Furthermore, she frames the feature as a way to reveal only what is necessary, such as the last four digits of a social security number, rather than an all-or-nothing approach. Consequently, the video serves as a hands-on introduction for makers and admins who want to test this feature.
Taylor emphasizes that the feature is currently in preview and recommends experimenting in non-production environments. She explains why preview testing matters and encourages viewers to provide feedback to Microsoft. In addition, the video mixes conceptual explanation with a practical demo to help viewers try out the feature themselves. Overall, the tone is practical and focused on adoption steps.
First, Taylor outlines the mechanics: a maker defines one or more masking rules and applies them to eligible Dataverse columns. Importantly, masking rules currently support only number, single-line text, and multi-line text columns, so complex field types remain out of scope for now. Moreover, admins choose which character appears in place of hidden data, such as * or #, and decide how much of the data to expose.
Second, Taylor highlights the permissions model: access to read a masked column remains controlled by the existing column-level security profile. If a user lacks read permission, they see the masking characters instead of the real data; if they do have permission, an eye-shaped icon appears next to the masked column. Thus, the feature blends familiar security controls with finer-grained display rules. As a result, teams can show partial values while still enforcing strict access controls.
In the demo segment, Taylor walks through creating a new masking rule inside a solution in the Power Apps maker portal. She creates a solution named "Masking Rules", then selects Security > Secured masking rule to open the rule editor, and gives the rule a clear name for tracking. For example, she builds a rule to hide characters before the @ sign in email addresses but leaves other text intact, so an input like "Here is the email address: dian@gmail.com" becomes "Here is the email address: ****@gmail.com".
Taylor also points out that Dataverse ships with a few default masking rules that you can review or adopt, which helps teams get started faster. She recommends testing these rules in a sandbox environment to verify behavior across forms, views, and any integrations that display the masked column. This testing step is crucial because masking affects not only the UI but also how data appears in exports and API responses. Therefore, careful validation reduces surprises when you enable masking for production scenarios.
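The sandbox check described above can be scripted. The following is an added example, not code from the video or from Microsoft: it models the demo's email rule and the last-four-digits rule locally, then scans a constructed export for values that came back unmasked. The regular expressions, the column names `email` and `ssn`, and the helper names are assumptions made for illustration.

```python
import re

# Local model of two rules from the summary; the regexes are assumptions,
# not Dataverse's rule definitions. Each rule: (characters to hide, mask char).
EMAIL_RULE = (re.compile(r"[A-Za-z0-9._%+-]+(?=@)"), "*")   # text before the @ sign
SSN_RULE = (re.compile(r"\d(?=(?:\D*\d){4})"), "#")         # all but the last four digits


def apply_rule(value, rule):
    """Replace every character the rule matches with the rule's masking character."""
    pattern, mask_char = rule
    return pattern.sub(lambda m: mask_char * len(m.group()), value)


def find_unmasked(rows, column, rule):
    """Return ids of rows whose column still holds text the rule should have hidden."""
    pattern, _ = rule
    leaks = []
    for row in rows:
        value = row.get(column)
        if value and pattern.search(value):
            leaks.append(row["id"])
    return leaks


# Constructed sample: rows as an integration without read permission on the
# masked columns might receive them in a sandbox export. Row c-002 is unmasked.
SAMPLE_EXPORT = [
    {"id": "c-001", "email": "****@gmail.com", "ssn": "###-##-6789"},
    {"id": "c-002", "email": "Here is the email address: dian@gmail.com", "ssn": "123-45-6789"},
    {"id": "c-003", "email": None, "ssn": ""},
]

if __name__ == "__main__":
    print(apply_rule("Here is the email address: dian@gmail.com", EMAIL_RULE))
    print(apply_rule("123-45-6789", SSN_RULE))
    for column, rule in (("email", EMAIL_RULE), ("ssn", SSN_RULE)):
        print(column, "unmasked in:", find_unmasked(SAMPLE_EXPORT, column, rule))
```

Run against an export pulled with an account that has no read permission on the masked columns, any id the scan reports is a path where the full value still reaches a caller who should see only masking characters.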
While the new masking rules improve flexibility, Taylor explains several tradeoffs to consider before broad adoption. For instance, masking introduces additional administrative complexity because you must manage both masking rules and column-level security profiles, which can increase the chance of misconfiguration. Furthermore, masking currently supports only certain column types, so organizations with diverse field needs may face partial coverage and must keep legacy approaches in play.
Moreover, Taylor warns about user experience and integration challenges: masked values may confuse users who expect to see full data, and integrations that read column values may receive masked output unless properly authorized. Performance and auditing implications also require thought, since additional checks and transformations might affect how quickly data renders and how logs record access. Consequently, teams should weigh these factors when planning a rollout.
Taylor recommends a phased approach: begin with non-production testing, apply masking to a small set of high-value columns, and iterate based on feedback. She also advises using clear naming conventions and documentation for masking rules so administrators can trace which rule applies to which column and why. Additionally, coordinate with integration teams to ensure APIs and downstream systems handle masked values appropriately.
Finally, Taylor underscores the importance of training and communication so end users understand why some values appear masked and when they will see full data. By combining careful testing, consistent naming, and user education, organizations can reduce risk and make effective use of masking rules. In short, the video provides practical steps and thoughtful warnings to help teams adopt this new capability safely.