Dataverse Access Auditing


As organizations increasingly rely on Microsoft Dataverse to manage business-critical data through applications like Dynamics 365 and Power Platform, the importance of access auditing grows significantly. Knowing who accessed what, when, and how is essential for security, compliance, troubleshooting, and operational transparency.

Dataverse includes robust auditing capabilities that allow administrators and compliance teams to monitor user access, track data changes, and detect suspicious behavior. This article will explore the key components of Dataverse Access Auditing, how to enable and configure it, and best practices for managing and analyzing audit logs.


What is Dataverse Access Auditing?

Dataverse access auditing refers to the process of recording and reviewing actions taken by users and system processes on data and entities within the Dataverse environment.

This includes:

  • Access events (e.g., record views)
  • Data operations (create, update, delete)
  • Security role or privilege changes
  • User logins and authentication attempts
  • Plugin and flow execution traces (indirect access)

Auditing is a built-in feature of Dataverse and is configurable at the environment, table, and column levels. It is not enabled by default and must be explicitly turned on.


Why Access Auditing Matters

Here’s why auditing is vital for any organization using Dataverse:

| Purpose | Benefit |
|---|---|
| Security Monitoring | Detect unauthorized access or suspicious patterns |
| Compliance & Regulations | Meet legal requirements such as GDPR, HIPAA, or SOX |
| Operational Transparency | Track how users interact with business data |
| Troubleshooting & Support | Understand when and how data was changed |
| Change Management | Audit schema changes and role assignments |

In regulated industries like finance or healthcare, access auditing isn’t optional—it’s mandatory.


Key Components of Dataverse Auditing

Dataverse provides a multi-layered auditing system. Here’s a breakdown of its main components:

1. Audit Settings at the Environment Level

Enable or disable auditing globally for your environment.

2. Table-Level Auditing

Control auditing for specific tables (formerly entities), such as Accounts, Contacts, Opportunities, etc.

3. Column-Level Auditing

Decide which fields within a table should be audited (e.g., Phone Number, Status, Owner).

4. User & Role Auditing

Track security changes, such as:

  • Role assignments or removals
  • Business unit transfers
  • Team memberships

5. Access Logs (Login Auditing)

View who logged in, when, and from where (via Microsoft Entra ID sign-in logs).


How to Enable Dataverse Auditing

Step 1: Enable Global Auditing

  1. Go to Power Platform Admin Center: https://admin.powerplatform.microsoft.com
  2. Select your environment.
  3. Click Settings > Auditing.
  4. Enable Audit User Access and Start Auditing.

Step 2: Enable Auditing for Specific Tables

  1. In the Power Apps Maker Portal: https://make.powerapps.com
  2. Open your solution or navigate to Tables.
  3. Select a table (e.g., Contact).
  4. Under Properties, enable Auditing.

Step 3: Enable Auditing on Columns

  1. While editing a table, click Columns.
  2. Select the field you want to audit (e.g., Email).
  3. Enable Auditing.

Save and publish changes.


What Gets Logged?

Once auditing is enabled, Dataverse will log the following:

  • Create: Who created the record and when
  • Update: Changes made to fields, including old and new values
  • Delete: Who deleted the record
  • Access: Who viewed or read the record (limited tracking)
  • Security Role Assignments
  • Team or Business Unit Changes

Note: Read access auditing is limited to user logins and some indirect access. Full tracking of views requires third-party tools or telemetry.


Where Audit Logs Are Stored

Dataverse audit logs are stored within the environment’s database but do not count against your regular storage. They are stored in a separate audit log partition.

However:

  • Audit logs expire after a configurable period (default 90 days)
  • You can export logs to Azure Storage, Log Analytics, or Microsoft Purview for long-term retention or analysis

Viewing and Searching Audit Logs

  1. Go to the Power Platform Admin Center or Classic Admin interface
  2. Under Settings > Auditing, open the Audit Summary View
  3. Filter by:
    • User
    • Operation (create, update, delete)
    • Date range
    • Table or column name

You can also create custom views or dashboards for auditing in Power BI or Advanced Find (in classic Dynamics UI).


Auditing Limitations to Keep in Mind

| Limitation | Details |
|---|---|
| Not enabled by default | You must manually turn on auditing at all levels |
| Limited read/access tracking | Only some views are tracked, not every record view |
| Performance impact | Extensive auditing can slightly impact write performance |
| Retention | Logs may be purged after 90 days unless extended |
| No audit on plugin code directly | You need custom logs or traces for plugin execution |

Exporting Audit Data

For advanced analysis or compliance archiving, you can export audit logs using:

  • Power Automate: Periodically extract logs and store in SharePoint, SQL, or Azure
  • Dataverse Web API / SDK: Query the Audit table
  • Azure Synapse Link: Enable for large-scale data warehousing and analysis
  • Power BI: Build reports using audit data for visual insights

Example API call to retrieve audit data:

GET https://yourorg.crm.dynamics.com/api/data/v9.2/audits
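The call above returns one page at a time, so an export job has to filter server-side and follow `@odata.nextLink` until it is exhausted. The sketch below is an added example, not code from the original article: the `fetch` callable, the sample pages and the page limit are assumptions, and the numeric codes are the `operation` choice values of the audit table.

```python
from urllib.parse import quote

# Placeholder org URL from the article's example call.
BASE = "https://yourorg.crm.dynamics.com/api/data/v9.2/audits"
OPERATIONS = {1: "Create", 2: "Update", 3: "Delete", 4: "Access"}
SELECT = "auditid,createdon,operation,objecttypecode,_objectid_value,_userid_value"

def build_audit_query(since_iso, operation=None):
    """First-page URL for audit rows created at or after since_iso (UTC)."""
    flt = f"createdon ge {since_iso}"
    if operation is not None:
        flt += f" and operation eq {int(operation)}"
    return (f"{BASE}?$select={SELECT}&$filter={quote(flt)}"
            f"&$orderby={quote('createdon asc')}")

def export_audits(first_url, fetch, max_pages=1000):
    """Yield flattened audit rows, following @odata.nextLink page by page.

    fetch(url) must return the parsed JSON body; in production it is an
    authenticated GET carrying an Entra ID bearer token (assumed helper).
    """
    url, pages = first_url, 0
    while url:
        if pages >= max_pages:
            raise RuntimeError("page limit hit; narrow the date range")
        page = fetch(url)
        pages += 1
        for row in page.get("value", []):
            op = row["operation"]
            yield {"id": row["auditid"], "when": row["createdon"],
                   "operation": OPERATIONS.get(op, f"Other({op})"),
                   "table": row.get("objecttypecode"),
                   "record": row.get("_objectid_value"),
                   "user": row.get("_userid_value")}
        url = page.get("@odata.nextLink")

# Constructed two-page response standing in for the live API.
FIRST = build_audit_query("2024-05-01T00:00:00Z", operation=3)
SAMPLE_PAGES = {
    FIRST: {"value": [{"auditid": "a-1", "createdon": "2024-05-01T09:12:00Z",
                       "operation": 3, "objecttypecode": "contact",
                       "_objectid_value": "r-1", "_userid_value": "u-1"}],
            "@odata.nextLink": BASE + "?$skiptoken=constructed"},
    BASE + "?$skiptoken=constructed": {"value": [
        {"auditid": "a-2", "createdon": "2024-05-01T09:13:00Z",
         "operation": 3, "objecttypecode": "account",
         "_objectid_value": "r-2", "_userid_value": "u-1"}]},
}

if __name__ == "__main__":
    for rec in export_audits(FIRST, SAMPLE_PAGES.__getitem__):
        print(rec)
```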

Best Practices for Access Auditing

| Best Practice | Reason |
|---|---|
| Enable auditing for critical tables and fields only | Avoid performance and storage overhead |
| Regularly review logs for anomalies | Detect breaches or misuse early |
| Use Conditional Access + MFA | Combine with preventive security |
| Export logs for long-term retention | Meet regulatory and legal requirements |
| Audit security role changes | Track privilege escalations and risky behavior |
| Limit who can delete audit logs | Protect against insider threats |

Example Use Cases for Access Auditing

1. GDPR Compliance

Auditing allows you to prove when customer data was accessed or modified, supporting GDPR data subject access requests (DSARs).

2. Security Investigation

An admin can investigate unusual data changes or unauthorized deletions by reviewing audit logs for the impacted user or record.

3. Operational Reporting

Audit logs help identify which users are actively using the system and how frequently certain records are accessed.


Integration with Microsoft Entra Logs

While Dataverse tracks data operations, Microsoft Entra ID (Azure AD) handles authentication and login events.

You can correlate:

  • Sign-in logs from Entra (IP address, device, location)
  • Audit logs from Dataverse (record access and changes)

This combination offers a complete picture of user behavior and access patterns.
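One way to perform that correlation offline, as an added example that is not part of the original article: each Dataverse audit row is matched to the most recent Entra sign-in by the same user, and rows with no sign-in inside the window are surfaced for review. The 8-hour window, the `user_map` lookup (Dataverse user id to Entra user id) and all sample records are assumptions constructed for illustration.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timedelta

def _ts(value):
    # Both sources use ISO 8601 UTC timestamps ending in "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def correlate(audit_rows, sign_ins, user_map, window=timedelta(hours=8)):
    """Attach to each audit row the latest sign-in by the same user that
    happened at most `window` before it (window is an assumed tuning value)."""
    by_user = defaultdict(list)
    for s in sign_ins:
        by_user[s["userId"]].append((_ts(s["createdDateTime"]), s["ipAddress"]))
    for entries in by_user.values():
        entries.sort()
    result = []
    for row in audit_rows:
        when = _ts(row["createdon"])
        entries = by_user.get(user_map.get(row["_userid_value"]), [])
        i = bisect_right(entries, (when, "\uffff"))  # sign-ins at or before `when`
        hit = entries[i - 1] if i and when - entries[i - 1][0] <= window else None
        result.append({"auditid": row["auditid"], "operation": row["operation"],
                       "sign_in_at": hit[0].isoformat() if hit else None,
                       "sign_in_ip": hit[1] if hit else None})
    return result

def unexplained(correlated):
    """Audit rows with no sign-in context: the ones to review first."""
    return [r["auditid"] for r in correlated if r["sign_in_ip"] is None]

# Constructed sample data (documentation IP ranges, made-up ids).
USER_MAP = {"sysuser-1": "entra-1", "sysuser-2": "entra-2"}
SIGN_INS = [
    {"userId": "entra-1", "createdDateTime": "2024-05-01T08:00:00Z", "ipAddress": "203.0.113.10"},
    {"userId": "entra-1", "createdDateTime": "2024-05-01T13:30:00Z", "ipAddress": "198.51.100.7"},
    {"userId": "entra-2", "createdDateTime": "2024-04-29T10:00:00Z", "ipAddress": "203.0.113.44"},
]
AUDITS = [
    {"auditid": "a-1", "createdon": "2024-05-01T09:12:00Z", "operation": 2, "_userid_value": "sysuser-1"},
    {"auditid": "a-2", "createdon": "2024-05-01T13:45:00Z", "operation": 3, "_userid_value": "sysuser-1"},
    {"auditid": "a-3", "createdon": "2024-05-01T14:00:00Z", "operation": 3, "_userid_value": "sysuser-2"},
]

if __name__ == "__main__":
    for r in correlate(AUDITS, SIGN_INS, USER_MAP):
        print(r)
```

Rows returned by `unexplained` typically come from service accounts, long-lived sessions, or a gap in the sign-in export, each of which calls for a different follow-up.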


Combining Auditing with Security Features

To build a complete security framework:

  • Enable Multi-Factor Authentication (MFA)
  • Apply Conditional Access Policies
  • Use Role-Based Access Control (RBAC) for data segmentation
  • Monitor Power Automate and plugin executions via custom telemetry

Auditing is your detective control. Complement it with preventive controls and additional detective measures for optimal protection.


