Try Microsoft Edge
A fast and secure browser that's designed for Windows 10
With GDPR being effective since May 25 2018, Microsoft has released a large set of tools and security mechanisms, both on Office 365 and Dynamics 365, to ensure their customers can be compliant and offer the highest level of security.
I will focus in this article on the new option to audit read actions.
Dynamics 365 now allows to track these actions:
In the past, it was only possible to audit Create, Update, and Delete events, not the Read event, unless you implemented specific developments with plugins that would be triggered on Retrieve and RetrieveMultiple.
This Microsoft Docs article does a very good job at explaining how Activity Logging works, its requirements, and how to set it up: Enable and use Activity Logging
Let’s make one thing clear: if people can have a read access to data, they can manage to export the data one way or another. So security should come from your security model, and not based on whether or not you display or hide fields on a form, or if you disable the Export to Excel button for your users (remember the data is available through the APIs, so it’s quite easy to export, for example through a Power BI report).
This is what the Audit History looks like on a contact record where we have enabled audit. If you look carefully, you will see no signs of a read action, but instead the classic Create and Update history of events:
You will also notice a new Delete Change History button that allows to wipe the audit history for a single record. This action will also be tracked in the Audit History:
As this kind data can rapidly accumulate in huge volumes, it is logged in a dedicated place, in the Office 365 Security & Compliance Portal.
This means that you do not know precisely the records that were displayed without doing some more advanced analysis.
Well, as you can see, it’s not very simple to get to the “Read” event for a CRM record. But at least, these events are tracked somewhere. No doubt Microsoft will improve the experience in future versions.
While it’s still not possible to display that kind of information from the Dynamics 365 application (be it from the Audit Summary View or directly from the Audit Summary of a specific record), I get a feeling that Microsoft will be progressively moving most or all audit tracking features to the Security & Compliance portal, as a lot of Dynamics 365 events are already being tracked in it (the full list of admin and user events is available here):
Example of an Update contact activity that stores the updated values:
To programmatically download data from the Office 365 audit log, you can use the Office 365 Management Activity API (REST web service).
The post Thank you GDPR! A new Dynamics 365 security feature is available: Audit User Read Access to CRM Records appeared first on CRM Deep Dive.