Security Configurations in MicroStrategy

MicroStrategy's software platform ships with hardened security configurations present by default where possible. In many cases, security configurations are dependent upon the infrastructure where the system is operated. In other cases, security configurations may be dependent upon organizational requirements and unique operating environments. This section attempts to document different security configurations which are available to further harden a MicroStrategy deployment.

Security Configuration	Workstation	Library	Mobile	Web
Certificate Files: Common Extensions and Conversions	X	X	X	X
Encryption Key Manager	X	X	X	X
Self-Signed Certificates: Creating a Certificate Authority for Development	X	X	X	X
Disallow Custom HTML and JavaScript in Dashboards, Documents, Reports, and Bots	X	X
Edit Password and Authentication Settings	X
Enable Encryption for trustStore Secret Values	X	X		X
Enable Support for HTTP Strict Transport Security (HSTS)		X	X	X
Configure Session Idle Timeouts		X	X	X
Configure a Redirect URL Whitelist in MicroStrategy Web and Library		X		X
Enable Enforcing File Path Validation		X		X
Enforce Security Constraints for the Plugin Folder in MicroStrategy Web or Library		X		X
Enable App Transport Security Using MicroStrategy Mobile SDK or Library SDK		X	X
Configure SameSite Cookies for Library		X
Configuring Security Settings on Library Administration		X
Configure SameSite Cookies for MicroStrategy Web and MicroStrategy Mobile			X	X
Configuring Secure Communication for MicroStrategy Web, Mobile Server, and Developer			X	X
Configuring Web, Mobile Server, and Web Services to Require SSL Access			X	X
Secure Communication in MicroStrategy			X	X
Configuring MicroStrategy Client Applications to Use an HTTPS URL			X
Enable HTTPS Connection Between the Refine Server and Web Server for Data Wrangling				X
Prevent a CSRF Attack				X
Specify URLs and URL Paths to Export				X
Testing SSL Access				X