Greetings
Firstly, a disclamer: I'm a security architect and not a Dynamics person. My company has choosen to migrate heavily to Dynamics 365 Business Central and for this we rely on external consultants to map Business Central to our finance processes. I function as a security advisor to the project and I am left frustrated by the lack of security "maturity" of our consultants. 2024 and it's still "well you logged in, let's give him/her full access".
Anyway. We've been using Microsoft Sentinel as our company SIEM for a while and we had Sentinel integration as a requirement during the project initial face which as left me with a feeling of cheated since no one can get it to work.
Sentinel seems to rely on a Log Analytics table called Dynamics365Activity which is expected as that is how Sentinel works and the Sentinel analytics rules looks promising from a security standpoint. But there isn't anyhthing in this table, it's blank and we've been running one of our Dynamics 365 Business Central environments in a production capacity for months.
So, how is this supposed to work?
Regards
Fredrik
