Auditing overview
Applies To: Dynamics 365 (online), Dynamics 365 (on-premises), Dynamics CRM 2016, Dynamics CRM Online
Organizations often need to be in compliance with various regulations to ensure availability of customer interaction history, audit logs, access reports, and security incident tracking reports. Organizations may want to track changes in Microsoft Dynamics 365data for security and analytical purpose.
Microsoft Dynamics 365supports an auditing capability where entity and attribute data changes within an organization can be recorded over time for use in analysis and reporting purposes. Auditing is supported on all custom and most customizable entities and attributes. Auditing is not supported on metadata changes, retrieve operations, export operations, or during authentication. For information on how to configure auditing, see Configure entities and attributes for auditing.
Supported for auditing
The following table lists what can be audited for Microsoft Dynamics 365 (online & on-premises):
Audit of customizable entities |
Audit of custom entities |
Configure entities for audit |
Configure attributes for audit |
Privilege-based audit trail viewing |
Privilege-based audit summary viewing |
Audit log deletion for a partitioned SQL database |
Audit log deletion for a non-partitioned SQL database |
Microsoft Dynamics Dynamics 365 SDK programming support |
Audit of record create, update, and delete operations |
Audit of relationships (1:N, N:N) |
Audit of audit events |
Audit of user access |
Adherence to regulatory standards |
Not supported for auditing
The following table lists what cannot be audited for Microsoft Dynamics 365 (online & on-premises):
Audit of read operations |
Audit of metadata changes |
Key concepts
The following bullets identify some key auditing concepts:
You can enable or disable auditing at the organization, entity, and attribute levels. If auditing is not enabled at the organization level, auditing of entities and attributes, even if it is enabled, does not occur. By default, auditing is enabled on all auditable entity attributes, but is disabled at the entity and organization level.
For Microsoft Dynamics 365servers that use Microsoft SQL ServerEnterprise editions, auditing data is recorded over time (quarterly) in partitions. A partition is called an audit login the Microsoft Dynamics 365web application. Partitions are not supported, and therefore, not used, on a Microsoft Dynamics 365server that is running Microsoft SQL Server, Standard edition.
The ability to retrieve and display the audit history is restricted to users who have certain security privileges: View Audit History, and View Audit Summary. There are also privileges specific to partitions: View Audit Partitions, and Delete Audit Partitions. See the specific message request documentation for information about the required privileges for each message.
Audited data changes are stored in records of the auditentity.
Data that can be audited
The following list identifies the data and operations that can be audited:
Create, update, and delete operations on records.
Changes to the shared privileges of a record.
N:N association or disassociation of records.
Changes to security roles.
Audit changes at the entity, attribute, and organization level. For example, enabling audit on an entity.
Deletion of audit logs.
When (date/time) a user accesses Microsoft Dynamics 365data, for how long, and from what client.
Enabling or disabling of field level security by setting the IsSecuredattribute cannot be audited.
See Also
Manage your data in Microsoft Dynamics 365
Audit entity data changes
Configure entities and attributes for auditing
Audit entity messages and methods
Security role UI to privilege mapping
Blog: Recover your deleted CRM data and recreate them using CRM API
Microsoft Dynamics 365
© 2017 Microsoft. All rights reserved. Copyright