BizTalk Server Security

Microsoft® BizTalk® Server provides a standard gateway for sending and receiving documents both within an intranet and through the Internet. Due to the possible business-critical nature of the messages sent to and from BizTalk Server, it is important to consider measures for securing these messages and the information they contain both as they are in transit and while BizTalk Server processes and stores them. This section provides information about the BizTalk Server security features, and how you can use them to secure your data and environment.

BizTalk Server uses the following measures to secure inbound and outbound messages, to secure the runtime and configuration information, and to integrate securely with other applications and systems:

Message security

  • Authenticating the sender of a message. BizTalk Server can authenticate the sender of a message (either by using the certificate information or Windows integrated Security) in order to validate the identity of the sender of the message. For more information, see Inbound Message Authentication.
  • Authorizing of the receiver of a message. After BizTalk Server receives the message, BizTalk Server can determine what processes and users have permissions to receive the message. For more information, see Authorizing the Receiver of a Message.

Runtime and configuration security

  • Access control and securing data. BizTalk Server uses access control to ensure that BizTalk Server processes have appropriate limits and that access to business critical information is controlled. In other words, BizTalk Server ensures that users and accounts have the least user rights possible to enable them to do their tasks. For more information, see Access Control and Data Security.

Integrated security

  • Enterprise Single Sign-On. BizTalk Server uses Enterprise Single Sign-On (SSO) to ensure that it encrypts the sensitive configuration information that the adapters, send, and receive locations require, thus ensuring that BizTalk stores and transmit this information in a secure manner. For more information, see Using Enterprise Single Sign-On.

For more information about securing a BizTalk Server deployment, see Planning a Secure Deployment.

This section contains:

To download updated BizTalk Server 2004 Help from, go to

Copyright © 2004 Microsoft Corporation.
All rights reserved.