Personalized Community is here!
Quickly customize your community to find the content you seek.
Choose your path Increase your proficiency with the Dynamics 365 applications that you already use and learn more about the apps that interest you. Up your game with a learning path tailored to today's Dynamics 365 masterminds and designed to prepare you for industry-recognized Microsoft certifications.
Visit Microsoft Learn
2020 Release Wave 2Discover the latest updates and new features to Dynamics 365 planned through March 2021.
Release overview guides and videos Release Plan | Preview 2020 Release Wave 2 TimelineWatch the 2020 Release Wave 1 virtual launch event
Ace your Dynamics 365 deployment with packaged services delivered by expert consultants. | Explore service offerings
Connect with the ISV success team on the latest roadmap, developer tool for AppSource certification, and ISV community engagements | ISV self-service portal
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance TechTalks | Customer Engagement TechTalks | Upcoming TechTalks
We have an employer who has left and has now joined a competitor.
I have administration rights to Dynamics CRM (server based). Version 1612 (184.108.40.206) (DB 220.127.116.11) on-premises
I am trying to find out if he downloaded any data or details on reports that he ran.
Any suggestions on whether I can access this information.
Anyone have any information on this as I too am curious to know.
Unfortunately, this is an area for improvement. The answer to your specific question is "probably not".
D365 auditing is getting better, but it is still not complete. There are major holes in that (a) accessing a view, (b) exporting data to Excel, (c) running an advanced find query, and (d) running a report are not able to be audited, to my knowledge. (Neither are any configuration changes made by Admins, so restrict the number of users with SA permission!)
But let's see what you can find out…
First, go to "System Settings / Auditing / Global Audit Settings". If you have the 'audit user access' or 'start read auditing' boxes checked, then you may be able to garner some information. (Note: your on-premise version may not have the 'audit user access' or 'start read auditing' boxes, in which case, the only thing I can suggest is some advanced IT sleuthing of SQL Server Logs, but that is going to be a painful process.)
If you have those boxes checked, then go to "System Settings / Auditing / Audit Summary View"..
There, you can see events like 'User access via Web'... And the 'Changed by' field can be filtered, so that you can search for just the miscreant's name. As mentioned above, unfortunately I could then go view all opportunities and export them all to Excel, and those actions would NOT create an audit summary record. but if, for example, the audit log showed that the user accessed CRM after they were terminated, that would bolster your case...
To reduce these types of risks in the future, certainly enable auditing, as indicated above. (This takes up some space, so you may not want to audit every entity, but you can purge historical logs.) You also may want to look at your user roles, and restrict those that can "Export to Excel".
Also, take a look at this page to see how programmers can potentially capture more audit data.
Unfortunately, at this time, your best defense against data theft is through your employment contracts. I hope this helps,
Thank you, David! I will go ahead and look at the info you provided!
Business Applications communities