You’re offline. This is a read only version of the page.
10
We have an employer who has left and has now joined a competitor.
I have administration rights to Dynamics CRM (server based). Version 1612 (8.2.5.4) (DB 8.2.5.4) on-premises
I am trying to find out if he downloaded any data or details on reports that he ran.
Any suggestions on whether I can access this information.
Thanks!
Natasha
*This post is locked for comments
Unfortunately, this is an area for improvement. The answer to your specific question is "probably not".
D365 auditing is getting better, but it is still not complete. There are major holes in that (a) accessing a view, (b) exporting data to Excel, (c) running an advanced find query, and (d) running a report are not able to be audited, to my knowledge. (Neither are any configuration changes made by Admins, so restrict the number of users with SA permission!)
But let's see what you can find out…
First, go to "System Settings / Auditing / Global Audit Settings". If you have the 'audit user access' or 'start read auditing' boxes checked, then you may be able to garner some information. (Note: your on-premise version may not have the 'audit user access' or 'start read auditing' boxes, in which case, the only thing I can suggest is some advanced IT sleuthing of SQL Server Logs, but that is going to be a painful process.)
If you have those boxes checked, then go to "System Settings / Auditing / Audit Summary View"..
There, you can see events like 'User access via Web'... And the 'Changed by' field can be filtered, so that you can search for just the miscreant's name. As mentioned above, unfortunately I could then go view all opportunities and export them all to Excel, and those actions would NOT create an audit summary record. but if, for example, the audit log showed that the user accessed CRM after they were terminated, that would bolster your case...
To reduce these types of risks in the future, certainly enable auditing, as indicated above. (This takes up some space, so you may not want to audit every entity, but you can purge historical logs.) You also may want to look at your user roles, and restrict those that can "Export to Excel".
Also, take a look at this page to see how programmers can potentially capture more audit data.
https://docs.microsoft.com/en-us/powerapps/developer/common-data-service/audit-user-access
Unfortunately, at this time, your best defense against data theft is through your employment contracts. I hope this helps,
Dave
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.
#1
André Arnaud de Cal...
291,253
Super User 2024 Season 2
#2
Martin Dráb
230,188
Most Valuable Professional
#3
nmaenpaa
101,156
Share
Report
All responses (
Answers (