[New Feature] Audit Activity Logging
Friyank
944
Like
Share
ReportYou must have access of System customizer or system Administrator or Equivalent Role.
If you notice in Setting > auditing > Global Audit Setting > Audit Setting Area >
We have new option called Start Reading Auditing.
- What is this for and how this will help in auditing?Also notice in Setting > Customization > Entities > Any Entity(Account) >
Additional to Auditing which was in Older version as well.
Now we have two more option for auditing
Single record auditing. Log a record when opened.
Multiple record auditing. Log all records displayed on an opened page.
In both the Audit Setting area we have information message by Microsoft as below.
Read Auditing will log each time this entity data is accessed by the user in the application or programmatically using API. View these logs in the Office 365 Security & Compliance Center. Learn more
- So what is this all about?
- This is also known as activity logging
- This is about Protecting data, preserving privacy, and complying with regulations such as the General Data Protection Regulation
- Recapitulating GDPR –
In May 2018, a European privacy law, the General Data Protection Regulation (GDPR), is due to take effect. The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located.
Previously Auditing was limited to CRM Users and its records.
Auditing was limited to following options
- Create, update, deactivate, and delete operations on records.
- Changes to the sharing privileges of a record.
- The N:N association or disassociation of records.
- Changes to security roles.
- Audit changes at the entity, attribute, and organization level. For example, enabling audit on an entity.
- Deletion of audit logs.
- For changes made to entity fields that can be localized, such as the Product entity name or description fields, the locale ID (LCID) appears in the audit record.
About Auditing in Previous Version
Now with New options of Auditing,
- You can log user and admin activities across Office and Dynamics 365 apps.
- Auditing occurs at the SDK layer of Dynamics 365 which means much more data is logged than just activities.
Logging takes place at the SDK layer which means a single action can trigger multiple events that are logged. The following are a sample of admin and user events you can audit. - Events which are audited now in Additional to Old options
| Event | Description |
| Publishing customizations | An admin publishes a new customization which overrides a change done by the previous one. The action requires auditing for analysis. |
| Attribute deletes | Admin accidentally deletes an attribute. This action also deletes the data. |
| Team, user management | Who was added, who was deleted, what access rights a user/team had is important for analyzing impact. |
| Configure instance | Adding solutions to an instance. |
| Backup and restore | Backup and restore actions at the tenant. |
| Manage applications | New instance added, existing instance deleted, trials converted to paid, etc. |
| Create, read, update, delete (CRUD) | Logging all CRUD activities essential for understanding the impact of a problem and being compliant with data protection impact assessments (DPIA). |
| Multiple record view | Users of Dynamics view information in bulk, like grid views, Advanced Find search, etc. Critical customer content information is part of these views. |
| Export to Excel | Exporting data to Excel moves the data outside of the secure environment and is vulnerable to threats. |
| SDK calls via surround or custom apps | Actions taken via the core platform or surround apps calling into the SDK to perform an action needs to be logged. |
| All support CRUD activities | Microsoft support engineer activities on customer environment. |
| Admin activities | Admin activities on customer tenant. |
| Backend commands | Microsoft support engineer activities on customer tenant and environment. |
Entities and action log for Microsoft Social Engagement
| Entities | Action |
| Search Topic Category | Create, Rename, Delete |
| Search Topic | Create, Update, Delete |
| Custom Source | Create, Update, Delete |
| Blocked Keyword | Add, Delete |
| Blocked Domain | Add, Delete |
| Stream | Create, Update, Delete |
| Post (acquired) | Internal & External Actions |
| Post (published) | Send |
| Author | Add (GDPR), Delete (GDPR), Delete |
| Activity Map | Create, Update, Delete |
| Alert | Create, Update, Delete |
| Preference | Update |
| Social Profile | Create, Update, Reauthenticate, Delete |
| User | Edit Role, E-mail |
| Azure Event Hubs | Create, Update, Delete |
| Dynamics 365 | Create, Update, Refresh, Delete |
| Allowed Domain | Add, Delete |
| Automation Rule | Create, Update, Delete |
| AR Notification | Enable, Disable |
| Tag | Add, Update, Delete |
| Label | Add, Update Delete |
| Search Language | Add, Delete |
| Adaptive Sentiment | Enable, Disable, Reset |
| Other Global Settings | Update |
All SDK messages are logged now, Except Following List of SDK messages
- WhoAmI
- RetrieveFilteredForms
- TriggerServiceEndpointCheck
- QueryExpressionToFetchXml
- FetchXmlToQueryExpression
- FireNotificationEvent
- RetrieveMetadataChanges
- RetrieveEntityChanges
- RetrieveProvisionedLanguagePackVersion
- RetrieveInstalledLanguagePackVersion
- RetrieveProvisionedLanguages
- RetrieveAvailableLanguages
- RetrieveDeprovisionedLanguages
- RetrieveInstalledLanguagePacks
- GetAllTimeZonesWithDisplayName
- GetTimeZoneCodeByLocalizedName
- IsReportingDataConnectorInstalled
- LocalTimeFromUtcTime
- IsBackOfficeInstalled
- FormatAddress
- IsSupportUserRole
- IsComponentCustomizable
- ConfigureReportingDataConnector
- CheckClientCompatibility
- RetrieveAttribute
This link below gives more details on Example of How data will be logged.
Now this was about Setting up auditing what about
Read Auditing will log each time this entity data is accessed by the user in the application or programmatically using API. View these logs in the Office 365 Security & Compliance Center.
- How to view those audited Data.
- This data is available to view in Office 365
- Login to Office.com or office 365 and you can see there is Security and Compliance app, clicking this app will open protection.office.com, Or you can directly login in https://protection.office.com
Go to Search and investigation > Audit Log Search and in Search Activities , Search for Dynamics 365 Activities or whichever application activity you want to view log for. Here you can see all the log of events and messages.
*This post is locked for comments