D365UG London March 2019 - Auditing and Security in the Dynamics platform
5 likes483 views
The document outlines auditing and security features in Dynamics 365 Customer Engagement and the Power Platform, presented by a business applications MVP at Investec Bank. It covers the evolution of auditing from Dynamics CRM 1.0 to Dynamics 365, emphasizing challenges and improvements in activity logging, security, and compliance related to GDPR. Key considerations and technical implementations for managing and ensuring security within Dynamics 365 are also discussed, including limitations of out-of-the-box auditing and the necessity of specific Office 365 subscriptions.
![Created / Modified
CDS Operation Pipeline
Pre
Validation Pre Operation Pos OperationCore Operation
Transaction
Entity[“modifiedon”]=MyValue
Entity[“createdon”]=MyValue
Entity[“modifiedby”]=MyValue
Entity[“createdby”]=MyValue
Stage where you
can register a
Plugin](https://image.slidesharecdn.com/d365ug-march2019london-auditingandsecurity-ramontebar201903050723-190311064651/85/D365UG-London-March-2019-Auditing-and-Security-in-the-Dynamics-platform-17-320.jpg)
D365UG London March 2019 - Auditing and Security in the Dynamics platform
- 1. Who did what?! Auditing & Security in Dynamics 365 CE & the Power Platform London 6th March 2019 @RamonTebar
- 2. https://RamonTebar.net @RamonTebar http://www.linkedin.com/in/RamonTebar Business Applications MVP Investec Bank (London) Solution Architect
- 3. Why? • Regulation (GDPR) • Internal Security • Collaboration • Adoption • Freak Controller
- 4. A long Auditing Journey 2003 2019 Dynamics CRM 1.0 Dynamics 365 Customer Engagement & Power Platform Activity Logging Office 365 Security and Compliance Center Created By / Modified By 2011 Dynamics CRM 2011 Auditing out-of-the-box
- 6. Created / Modified Dynamics 365 Customer Engagement (CE)
- 7. Created / Modified Custom App Dynamics 365 CE Service Account
- 8. Created / Modified Who is making the change?
- 9. Created / Modified What about this?
- 10. Created / Modified How can we change Created By and Modified By? ?
- 11. Created / Modified Impersonation How can we change Created By and Modified By?
- 12. Created / Modified Impersonation using CallerId https://github.com/rtebar/Dynamics- Utils/blob/master/Dynamics.Utils/Dynamics.Utils.Tests/ImpersonateUser.cs
- 13. Created / Modified overriddencreatedon What about the Created On? Could we force a change in this out-of-the-box attribute?
- 14. Created / Modified createdon by overriddencreatedon https://github.com/rtebar/Dynamics- Utils/blob/master/Dynamics.Utils/Dynamics.Utils.Tests/ImpersonationByOverRidden.cs
- 15. Created / Modified Created By Modified By CallerId Created On OverriddenCreatedOn Modified On ? What if we need to run a data migration and set Modified On?
- 16. Created / Modified “Plugins!” Modified On ? What if we need to run a data migration and set Modified On?
- 17. Created / Modified CDS Operation Pipeline Pre Validation Pre Operation Pos OperationCore Operation Transaction Entity[“modifiedon”]=MyValue Entity[“createdon”]=MyValue Entity[“modifiedby”]=MyValue Entity[“createdby”]=MyValue Stage where you can register a Plugin
- 20. Created / Modified Created By Modified By CallerId Created On OverriddenCreatedOn Modified On Client side Server side N/A CallerId Pre- Operation Plugin
- 21. Created / Modified Conclusions Now you can travel in time It is not what it looks like
- 22. CRM 2011 - Auditing out-of-the-box!
- 23. CRM 2011 - Auditing out-of-the-box! Today in v9
- 24. • CRM 2011 auditing still has several limitations • Reads are not registered • e.g. account records with bank details • Metadata changes are not registered • e.g. customisations published in production unexpectedly • Huge amount of storage • Difficult to interrogate and manipulate logs CRM 2011 - Auditing out-of-the-box!
- 25. Scarcity sharpens people’s creativeness CRM 2011 - Auditing out-of-the-box!
- 26. Custom Read Auditing Entity Form Web Resource Azure Application Insights Custom Plugin Retrieve Retrieve Multiple Cosmos DB
- 27. Custom Metadata Auditing Custom Plugin Publish Publish All Cosmos DB • New entity • Change an attribute • Delete a form • Remove a view • …
- 31. Dynamics 365 CE Office 365 Security and Compliance Azure AD SharePoint Exchange Flow PowerApps Power BI Teams Activity Logging
- 32. Activity Logging Enabling Activity Logging in Dynamics 365 CE
- 33. Activity Logging Enabling Activity Logging in Dynamics 365 CE
- 34. Activity Logging https://www.office.com/ => https://protection.office.com Enabling Audit Search in Security & Compliance Center
- 35. Activity Logging Enabling Audit Search in Security & Compliance Center
- 36. Activity Logging Audit Search in Security & Compliance Center
- 37. Activity Logging Audit Search in Security & Compliance Center
- 38. Activity Logging Audit Search in Security & Compliance Center
- 39. Dynamics 365 CE Office 365 S&C Power BI User Azure Function Azure Queue Cosmos DB Office 365 Management API Activity Logging
- 40. Activity Logging Some considerations • Some operations don’t have all information yet (e.g. ExportToWord) • Audit log and retained for 90 days • Available for Production and not Sandbox instances • An Office 365 Enterprise E3 or E5 subscription is required • Dynamics 365 CE events can take up to 30 minutes to be available in logs results
- 42. Questions?
Editor's Notes
- #32: A unified audit log: https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance?redirectSourcePath=%252fen-gb%252farticle%252fsearch-the-audit-log-in-the-office-365-security-compliance-center-0d4d0f35-390b-4518-800e-0c7ec95e946c
- #33: https://docs.microsoft.com/en-us/dynamics365/customer-engagement/admin/enable-use-comprehensive-auditing
- #34: https://docs.microsoft.com/en-us/dynamics365/customer-engagement/admin/enable-use-comprehensive-auditing
- #40: A unified audit log: https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance?redirectSourcePath=%252fen-gb%252farticle%252fsearch-the-audit-log-in-the-office-365-security-compliance-center-0d4d0f35-390b-4518-800e-0c7ec95e946c