Audit Dynamics 365 Business Central operations in Microsoft Purview: what is it?

A few days ago Microsoft announced the features planned for the next product release wave. Dynamics 365 Business Central is on the list, and you can read more about the planned features for the 2024 Wave 1 release here.

One of the announced features that has generated quite a lot of confusion is the following:

In 2024 release wave 1, auditable events occurring in Dynamics 365 Business Central environments are emitted to Microsoft Purview, allowing administrators to monitor and audit events across Business Central and other Microsoft services in a single place.

Only a few words…

Some partners started thinking about that… is this a new telemetry feature? Can we have the same feature via telemetry?

First, we need to say that Microsoft Purview is not a monitoring tool like Azure Monitor: it’s a data governance platform.

Microsoft Purview is a comprehensive set of solutions that can help your organization govern, protect, and manage data, wherever it lives. It provides organizations with a powerful platform for governing and securing data across your entire data estate. You can read more about the Purview capabilities here.

Among all the features that Purview offers, there’s also the auditing capability, which I think is the one of most interest for Dynamics 365 Business Central.

Microsoft Purview auditing provides an integrated solution to help organizations effectively respond to security events, forensic investigations, internal investigations, and compliance obligations. Thousands of user and admin operations performed in dozens of Microsoft 365 services and solutions are captured, recorded, and retained in your organization’s unified audit log. Audit records for these events are searchable by security ops, IT admins, insider risk teams, and compliance and legal investigators in your organization. This capability provides visibility into the activities performed across your Microsoft 365 organization.

Microsoft Purview Audit (Standard) provides you with the ability to log and search for audited activities and power your forensic, IT, compliance, and legal investigations.

Audit (Standard) is enabled by default for all organizations with the appropriate subscription (audit log search is turned on by default for Microsoft 365 and Office 365 enterprise organizations). 

Audit (Standard) is included with these entitlements:

  • Microsoft Business Basic/Standard subscriptions
  • Microsoft 365 Apps for Business subscription
  • Microsoft 365 Enterprise E3 subscription
  • Microsoft 365 Business Premium
  • Microsoft 365 Education A3 subscription
  • Microsoft 365 Government G1/G3 subscriptions
  • Microsoft 365 Frontline F1 or F3 subscription, or F5 Security add-on
  • Office 365 Enterprise E1/E3 subscription
  • Office 365 Education A1/A3 subscriptions

With Audit (Standard) you can search for a wide range of audited activities that occur in most of the Microsoft 365 services in your organization. You can use the Audit log search tool in the compliance portal to search for audit records. You can search for specific activities, for activities performed by specific users, and for activities that occurred within a date range or for a specific workload (like Business Central):

After running the Audit log search tool in the compliance portal, a job is scheduled:

When finished, you can export the audit records returned by the search to a CSV file:

When an audited activity is performed by a user or admin, an audit record is generated and stored in the audit log for your organization. In Audit (Standard), records are retained for 180 days, which means you can search for activities that occurred within the past six months. For Audit (Premium) retention is 1 year and can be extended.
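To work with the exported CSV described above outside the portal, the following added example (not code from Microsoft or from this post) decodes the JSON held in each row, filters on one workload and reports how many days remain before the oldest matching record passes the 180-day Audit (Standard) retention. It assumes the export uses the columns `CreationDate`, `UserIds`, `Operations` and `AuditData`, and that `AuditData` carries a `Workload` property; the workload string, users and operation names are constructed placeholders.

```python
import csv, io, json
from collections import Counter
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 180                  # Audit (Standard) retention stated in the post
ASSUMED_WORKLOAD = "BusinessCentral"  # placeholder: use the Workload value from your own export

def build_sample_export() -> str:
    """Constructed sample rows; real AuditData holds many more properties."""
    rows = [
        ("2024-05-02T08:15:00.0000000Z", "alice@contoso.example", "SampleOperationA", ASSUMED_WORKLOAD),
        ("2024-05-02T09:40:00Z", "alice@contoso.example", "SampleOperationA", ASSUMED_WORKLOAD),
        ("2024-05-03T11:05:00Z", "bob@contoso.example", "SampleOperationB", ASSUMED_WORKLOAD),
        ("2024-05-03T12:00:00Z", "bob@contoso.example", "FileAccessed", "SharePoint"),
    ]
    buf = io.StringIO()
    out = csv.writer(buf)
    out.writerow(["CreationDate", "UserIds", "Operations", "AuditData"])
    for when, user, op, workload in rows:
        out.writerow([when, user, op, json.dumps({"Workload": workload, "Operation": op})])
    # One damaged row, to show that cut-off JSON is counted instead of crashing the run.
    out.writerow(["2024-05-04T07:00:00Z", "carol@contoso.example", "SampleOperationA", "{cut off"])
    return buf.getvalue()

def parse_export(text: str):
    """Return (records, skipped); each record merges the CSV row with its decoded AuditData."""
    records, skipped = [], 0
    for row in csv.DictReader(io.StringIO(text)):
        try:
            detail = json.loads(row["AuditData"])
            # Keep only the seconds part so timestamps with or without fractions parse.
            when = datetime.strptime(row["CreationDate"][:19], "%Y-%m-%dT%H:%M:%S")
        except (ValueError, KeyError, TypeError):
            skipped += 1
            continue
        records.append({"when": when.replace(tzinfo=timezone.utc), "user": row["UserIds"],
                        "operation": row["Operations"], "workload": detail.get("Workload")})
    return records, skipped

def summarize(records, workload, now):
    """Count (user, operation) pairs for a workload, plus days until its oldest record ages out."""
    hits = [r for r in records if r["workload"] == workload]
    counts = Counter((r["user"], r["operation"]) for r in hits)
    oldest = min((r["when"] for r in hits), default=None)
    days_left = None if oldest is None else (oldest + timedelta(days=RETENTION_DAYS) - now).days
    return counts, days_left

if __name__ == "__main__":
    records, skipped = parse_export(build_sample_export())
    print(summarize(records, ASSUMED_WORKLOAD, datetime.now(timezone.utc)), skipped)
```

A non-zero skipped count means some rows could not be decoded and the export should be re-run before the results are relied on.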

Admins and members of investigation teams must be assigned the View-Only Audit Logs or Audit Logs role in the compliance portal to search or export the audit log. By default, these roles are assigned to the Audit Reader and Audit Manager role groups on the Permissions page in the compliance portal:

In more detail:

  • Audit Manager role: can search and export the audit log and manage audit settings for the tenant (like enabling or disabling audit logging). This role group grants the View-Only Audit Logs and Audit Logs roles to the user.
  • Audit Reader role: can only search and export the audit log. They can’t enable or disable audit logging. This role group grants the View-Only Audit Logs role to the user.

With this upcoming integration we can have a legally compliant auditing feature for Dynamics 365 Business Central that is fully integrated into the whole M365 auditing toolset. In a single centralized platform we have all audit logs for all our applications running in the tenant (and it also works for on-premises applications).

We’ll see more about this feature starting from May, I think, but if you have strict auditing requirements this is a great addition for you (Application Insights and telemetry are not fully audit-compliant tools).
