How to Audit More Actions Across Office 365 & Dynamics 365 Apps

Audit more actions in Dynamics 365

Previously, only Create, Update and Delete events could be audited in Dynamics 365. Read events weren't tracked unless plugins were implemented to trigger on retrieve actions.

Thanks to a recent activity logging feature, read auditing can now be configured across Customer Engagement / CRM records. 

Activity logging differs in two main ways. First, user and admin activities can be logged across Microsoft Office 365 and Dynamics 365 for Customer Engagement apps. Second, because auditing occurs at the SDK layer of Dynamics 365, more data is logged beyond just activities. For example, this can include displaying a single record or a list of records in a view.

Requirements: Activity logging requires an Office 365 Enterprise E3 or E5 subscription and is available for production environments only.

Read auditing is set on the auditing tab of the Dynamics 365 Customer Engagement system settings. Then, in the system customisations, auditing is activated for each relevant entity, and check boxes are selected to enable single record auditing, which tracks when a record is opened (Retrieve message), and multiple record auditing, which tracks when a list of records is retrieved within a view or through an Excel export (Retrieve Multiple messages).

Audited Events

User and support-related events that are tracked include:

  • User sign-in authentication - to log all user sign-ins to the environment when read auditing is selected
  • Create, read, update & delete logging
  • Multiple record view - to include grid views and advanced find
  • Export to Excel
  • SDK calls via custom apps

Schema Fields

Schemas define which Dynamics 365 fields are sent to the Office 365 Security and Compliance Center. Some fields are common to all apps that send audit data to Office 365 while others are specific to Dynamics 365 for Customer Engagement. 

The Base schema contains common fields including:

  • UserKey - Unique Identifier of the User in Azure AD
  • Id - Unique GUID for every row logged
  • Date + CreationTime - when the log was generated in UTC
  • IP address - of the user or corporate gateway

The Dynamics 365 for Customer Engagement apps schema tracking includes:

  • User ID - unique id of the Dynamics system user associated with an activity
  • SystemUserId - unique identifier of the user GUID in the D365 organisation
  • EntityName + ID - entity name in Dynamics 365
  • Query - the filter query parameters used when executing the FetchXML
  • Message - name of the message called in the Dynamics 365 apps SDK
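As an added example (not from the original post or from Microsoft), the Python sketch below shows how exported audit records carrying the fields above could be scanned for bulk read activity: any Excel export, or a burst of list retrievals by one user on one entity. The key names, the message spellings `RetrieveMultiple` and `ExportToExcel`, the threshold and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records. Key names mirror the schema fields listed above;
# the exact key and message spellings in a real export are assumptions.
FIELDS = ("CreationTime", "UserId", "ClientIP", "EntityName", "Message")
ROWS = [
    ("2019-03-01T09:00:05", "alice@example.com", "203.0.113.10", "contact", "Retrieve"),
    ("2019-03-01T09:01:00", "bob@example.com", "198.51.100.7", "account", "RetrieveMultiple"),
    ("2019-03-01T09:02:30", "bob@example.com", "198.51.100.7", "account", "RetrieveMultiple"),
    ("2019-03-01T09:04:10", "bob@example.com", "198.51.100.7", "account", "RetrieveMultiple"),
    ("2019-03-01T09:05:00", "bob@example.com", "198.51.100.7", "account", "ExportToExcel"),
    ("2019-03-01T11:30:00", "alice@example.com", "203.0.113.10", "account", "RetrieveMultiple"),
]
SAMPLE_RECORDS = [dict(zip(FIELDS, row)) for row in ROWS]


def find_bulk_reads(records, threshold=3, window=timedelta(minutes=10)):
    """Return sorted (user, entity, reason) alerts for bulk read activity.

    threshold and window are hypothetical tuning values, not product defaults.
    """
    alerts = set()
    list_reads = defaultdict(list)  # (user, entity) -> RetrieveMultiple timestamps
    for rec in records:
        key = (rec["UserId"], rec["EntityName"])
        if rec["Message"] == "ExportToExcel":
            # Every export of a view to Excel is reported.
            alerts.add(key + ("excel-export",))
        elif rec["Message"] == "RetrieveMultiple":
            # CreationTime is logged in UTC, so timestamps compare directly.
            list_reads[key].append(datetime.fromisoformat(rec["CreationTime"]))
    for key, times in list_reads.items():
        times.sort()
        # Sliding window: `threshold` consecutive list reads inside `window`.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                alerts.add(key + ("burst-of-list-reads",))
                break
    return sorted(alerts)


if __name__ == "__main__":
    for user, entity, reason in find_bulk_reads(SAMPLE_RECORDS):
        print(f"{user} {entity} {reason}")
```
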

Configuring & Reporting

Audit data is reviewed in the Office 365 Security and Compliance Center under Search and Investigation > Audit Log Search. Custom reports can be created, and preconfigured reports are available within the Dynamics 365 activities tab, including:

  • Accessed out-of-box entity
  • Accessed custom entity 
  • Accessed admin entity
  • Performed bulk actions (e.g. delete and import) 
  • Accessed other entity type
  • Accessed Dynamics 365 admin center
  • Accessed internal management tool 
  • Signed in / out
  • Activated process or plug-in

When audit log search in the Office 365 Security and Compliance Center is turned on, user and admin activity is recorded in the audit log and retained for 90 days. 

Find out more

Further details, including examples of logs created using activity logging, are shown in this Microsoft guide.

Please contact Preact if you want to learn more about this feature and discuss enabling the activity feature on your Dynamics 365 environment.
