This document contains information from a Dynamics 365 Saturday event in Milan on February 8, 2019. It discusses auditing and data security in Dynamics 365 Customer Engagement applications. The presenters, Ramon Tebar and Marco Amoedo, cover how auditing has evolved from Dynamics CRM 1.0 to Dynamics 365. They provide methods for programmatically updating fields like Created By and Modified By. Finally, they discuss using the Office 365 Security & Compliance center for activity logging across Dynamics 365 and other Office 365 applications.
7. Milan 2019
A long Auditing Journey
2003 2019
Dynamics CRM 1.0
Dynamics 365
Customer Engagement
& Power Platform
Activity Logging
Office 365 Security and
Compliance Center
Created By /
Modified By
2011
Dynamics CRM 2011
Auditing
out-of-the-box
14. Milan 2019
Created / Modified
Impersonation
How can we change
Created By and Modified By?
15. Milan 2019
Created / Modified
Impersonation using CallerId
https://github.com/rtebar/Dynamics-Utils/blob/master/Dynamics.Utils/Dynamics.Utils.Tests/ImpersonateUser.cs
16. Milan 2019
Created / Modified
overriddencreatedon
What about the Created On?
Could we force a change in this
out-of-the-box attribute?
17. Milan 2019
Created / Modified
createdon by overriddencreatedon
https://github.com/rtebar/Dynamics-Utils/blob/master/Dynamics.Utils/Dynamics.Utils.Tests/ImpersonationByOverRidden.cs
18. Milan 2019
Created / Modified
Created By
Modified By
CallerId
Created On OverriddenCreatedOn
Modified On
? What if we need to run a
data migration and set
Modified On?
19. Milan 2019
Created / Modified
“By the
Power of
Plugins!”
Modified On
? What if we need to run a
data migration and set
Modified On?
20. Milan 2019
Created / Modified
CDS Operation Pipeline
Pre Validation
Pre Operation Pos OperationCore Operation
Transaction
Entity[“modifiedon”]=MyValue
Entity[“createdon”]=MyValue
Entity[“modifiedby”]=MyValue
Entity[“createdby”]=MyValue
Stage where you
can register a
Plugin
23. Milan 2019
Created / Modified
Created By
Modified By CallerId
Created On OverriddenCreatedOn
Modified On
Client side Server side
N/A
CallerId
Pre-
Operation
Plugin
24. Milan 2019
Created / Modified
Conclusions
Now you can travel in time
It is not what it looks like
27. Milan 2019
• CRM 2011 auditing still has several limitations
• Reads are not registered
• e.g. account records with bank details
• Metadata changes are not registered
• e.g. customisations published in production
unexpectedly
• Huge amount of storage
• Difficult to interrogate and manipulate logs
CRM 2011 - Auditing out-of-the-box!
29. Milan 2019
Custom Read Auditing
Entity Form
Web Resource
Azure Application
Insights
Custom Plugin
Retrieve
Retrieve Multiple
Cosmos DB
30. Milan 2019
Custom Metadata Auditing
Custom Plugin
Publish
Publish All
Cosmos DB
• New entity
• Change an attribute
• Delete a form
• Remove a view
• …
43. Milan 2019
Activity Logging
Some considerations
• Some operations don’t have all information yet (e.g.
ExportToWord)
• Audit log and retained for 90 days
• Available for Production and not Sandbox instances
• An Office 365 Enterprise E3 or E5 subscription is required
• Dynamics 365 CE events can take up to 30 minutes to be
available in logs results
A unified audit log:
https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance?redirectSourcePath=%252fen-gb%252farticle%252fsearch-the-audit-log-in-the-office-365-security-compliance-center-0d4d0f35-390b-4518-800e-0c7ec95e946c
A unified audit log:
https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance?redirectSourcePath=%252fen-gb%252farticle%252fsearch-the-audit-log-in-the-office-365-security-compliance-center-0d4d0f35-390b-4518-800e-0c7ec95e946c