Auditing

In the previous lesson, we learned about some Other Entities within the Power Platform. We continue with Other Entities as we explore Auditing.

Entity and Attribute Auditing

The Power Platform provides an auditing capability where user access, entity, and field-level data changes within an organisation can be recorded to support compliance and security initiatives. Specific logging settings can be controlled at an entity and field level.

This functionality is best used for reviews of small groups of records and changes as only limited reporting functionality is available within the application. The best practice is to only audit needed fields and entities to limit a potential impact on system performance.

For enabled entities, auditing can capture when a record is created, deleted or shared as well as changes to related associations and audited fields. User access and changes to security roles are also logged. To view audit data, a user must possess the View Audit History and View Audit Summary security privileges. Audit data is stored in the Audit entity.

Auditing must be enabled at the organisation level before auditing can occur, even if auditing has been enabled at the entity or field level. By default, auditing is disabled at the organisation and entity level, so this will have to be enabled to perform any auditing within your organisation.

Activity Logging

Activity Logging is an expansion of the previously available auditing functionality and spans beyond Dynamics 365 user actions to include over one hundred Administrator actions and activities performed on Office 365. Logging takes place at the SDK layer which means a single action can trigger multiple events that are logged.

Enhanced user logging includes create, read, update delete actions, multiple record views such as when views and reports are opened or exported. Administrator activities such as publishing customisations, deleting attributes, managing users and teams and managing instances, backing up and restoring instances and managing applications.

The activity log results are viewed in the Office 365 Security and Compliance Center Unified Audit Log, accessible through https://protection.office.com. To access the Security & Compliance Center, users need to be an Office 365 global administrator or a member of one or more Security & Compliance Center role groups. To access the log, navigate to the Audit Log Search. The results can be exported as a CSV file for further review.

Considerations

Activity Logging is only available for production instances. When an audited activity is performed by a user or admin, an audit record is generated and stored in the Office 365 audit log for your organisation. The length of time that an audit record is retained and searchable in the audit log depends on your Office 365 subscription and specifically the type of license that is assigned to a specific user.

Audit records are retained for 90 days for users with an Office 365 E3 license. This means you can search the audit log for activities that were performed within the last 90 days.

Audit records are retained for 365 days for users with an Office 365 E5 license. This means you can search the audit log for activities that were performed within the last year. Retaining audit records for one year is also available for users that are assigned an E3/Exchange Online Plan 1 license and have an Office 365 Advanced Compliance add-on license.

Next, we look at Internationalising.