As organizations increasingly rely on Microsoft Dataverse to manage business-critical data through applications like Dynamics 365 and Power Platform, the importance of access auditing grows significantly. Knowing who accessed what, when, and how is essential for security, compliance, troubleshooting, and operational transparency.
Dataverse includes robust auditing capabilities that allow administrators and compliance teams to monitor user access, track data changes, and detect suspicious behavior. This article will explore the key components of Dataverse Access Auditing, how to enable and configure it, and best practices for managing and analyzing audit logs.
What is Dataverse Access Auditing?
Dataverse access auditing refers to the process of recording and reviewing actions taken by users and system processes on data and entities within the Dataverse environment.
This includes:
- Access events (e.g., record views)
- Data operations (create, update, delete)
- Security role or privilege changes
- User logins and authentication attempts
- Plugin and flow execution traces (indirect access)
Auditing is a built-in feature of Dataverse and is configurable at the environment, table, and column levels. It is not enabled by default and must be explicitly turned on.
Why Access Auditing Matters
Here’s why auditing is vital for any organization using Dataverse:
| Purpose | Benefit |
|---|---|
| Security Monitoring | Detect unauthorized access or suspicious patterns |
| Compliance & Regulations | Meet legal requirements such as GDPR, HIPAA, or SOX |
| Operational Transparency | Track how users interact with business data |
| Troubleshooting & Support | Understand when and how data was changed |
| Change Management | Audit schema changes and role assignments |
In regulated industries like finance or healthcare, access auditing isn’t optional—it’s mandatory.
Key Components of Dataverse Auditing
Dataverse provides a multi-layered auditing system. Here’s a breakdown of its main components:
1. Audit Settings at the Environment Level
Enable or disable auditing globally for your environment.
2. Table-Level Auditing
Control auditing for specific tables (formerly entities), such as Accounts, Contacts, Opportunities, etc.
3. Column-Level Auditing
Decide which fields within a table should be audited (e.g., Phone Number, Status, Owner).
4. User & Role Auditing
Track security changes, such as:
- Role assignments or removals
- Business unit transfers
- Team memberships
5. Access Logs (Login Auditing)
View who logged in, when, and from where (via Microsoft Entra ID sign-in logs).
How to Enable Dataverse Auditing
Step 1: Enable Global Auditing
- Go to Power Platform Admin Center: https://admin.powerplatform.microsoft.com
- Select your environment.
- Click Settings > Auditing.
- Enable Audit User Access and Start Auditing.
Step 2: Enable Auditing for Specific Tables
- In the Power Apps Maker Portal: https://make.powerapps.com
- Open your solution or navigate to Tables.
- Select a table (e.g., Contact).
- Under Properties, enable Auditing.
Step 3: Enable Auditing on Columns
- While editing a table, click Columns.
- Select the field you want to audit (e.g., Email).
- Enable Auditing.
Save and publish changes.
What Gets Logged?
Once auditing is enabled, Dataverse will log the following:
- Create: Who created the record and when
- Update: Changes made to fields, including old and new values
- Delete: Who deleted the record
- Access: Who viewed or read the record (limited tracking)
- Security Role Assignments
- Team or Business Unit Changes
Note: Read access auditing is limited to user logins and some indirect access. Full tracking of views requires third-party tools or telemetry.
Where Audit Logs Are Stored
Dataverse audit logs are stored within the environment’s database but do not count against your regular storage. They are stored in a separate audit log partition.
However:
- Audit logs expire after a configurable period (default 90 days)
- You can export logs to Azure Storage, Log Analytics, or Microsoft Purview for long-term retention or analysis
Viewing and Searching Audit Logs
- Go to the Power Platform Admin Center or Classic Admin interface
- Under Settings > Auditing, open the Audit Summary View
- Filter by:
- User
- Operation (create, update, delete)
- Date range
- Table or column name
You can also create custom views or dashboards for auditing in Power BI or Advanced Find (in classic Dynamics UI).
Auditing Limitations to Keep in Mind
| Limitation | Details |
|---|---|
| Not enabled by default | You must manually turn on auditing at all levels |
| Limited read/access tracking | Only some views are tracked, not every record view |
| Performance impact | Extensive auditing can slightly impact write performance |
| Retention | Logs may be purged after 90 days unless extended |
| No audit on plugin code directly | You need custom logs or traces for plugin execution |
Exporting Audit Data
For advanced analysis or compliance archiving, you can export audit logs using:
- Power Automate: Periodically extract logs and store in SharePoint, SQL, or Azure
- Dataverse Web API / SDK: Query the
Audittable - Azure Synapse Link: Enable for large-scale data warehousing and analysis
- Power BI: Build reports using audit data for visual insights
Example API call to retrieve audit data:
GET https://yourorg.crm.dynamics.com/api/data/v9.2/audits
Best Practices for Access Auditing
| Best Practice | Reason |
|---|---|
| Enable auditing for critical tables and fields only | Avoid performance and storage overhead |
| Regularly review logs for anomalies | Detect breaches or misuse early |
| Use Conditional Access + MFA | Combine with preventive security |
| Export logs for long-term retention | Meet regulatory and legal requirements |
| Audit security role changes | Track privilege escalations and risky behavior |
| Limit who can delete audit logs | Protect against insider threats |
Example Use Cases for Access Auditing
1. GDPR Compliance
Auditing allows you to prove when customer data was accessed or modified, supporting GDPR data subject access requests (DSARs).
2. Security Investigation
An admin can investigate unusual data changes or unauthorized deletions by reviewing audit logs for the impacted user or record.
3. Operational Reporting
Audit logs help identify which users are actively using the system and how frequently certain records are accessed.
Integration with Microsoft Entra Logs
While Dataverse tracks data operations, Microsoft Entra ID (Azure AD) handles authentication and login events.
You can correlate:
- Sign-in logs from Entra (IP address, device, location)
- Audit logs from Dataverse (record access and changes)
This combination offers a complete picture of user behavior and access patterns.
Combining Auditing with Security Features
To build a complete security framework:
- Enable Multi-Factor Authentication (MFA)
- Apply Conditional Access Policies
- Use Role-Based Access Control (RBAC) for data segmentation
- Monitor Power Automate and plugin executions via custom telemetry
Auditing is your detective control—complement it with preventive and detective measures for optimal protection.