Last summer Microsoft announced a number of updates on the way that auditing functionality would be made available as outlined in Dynamics 365 July 2017 update: activity logging and session management for security and compliance . A couple of weeks ago Microsoft, updated their official documentation on these two features:
- Enable and use Activity Logging (Microsoft Dynamics 365 Administrator Guide)
- Security enhancements: user session and access management (Microsoft Dynamics 365 Administrator Guide)
It is important to notice that the documentation states that this feature might change as well as limited availability so it might be that on your Office 365 tenant the functionality is not available (yet).
The only recently updated Microsoft Dynamics 365 (online) security and compliance planning guide also does not (yet) make a mention of this functionality within the Microsoft 365 Security and Compliance Center.
I however briefly looked into the Microsoft 365 Security and Compliance Center in one of the tenants that I administer, and listed below are a number of my findings:
- Microsoft 365 Security and Compliance Center (accessible from https://protection.office.com) now indeed seems to surface some audit log events from Dynamics 365. It is however unclear whether you still need to activate audit logging first on your Dynamics 365 instances
- Available Dynamics 365 activities – a number of pre-configured audit log reports for Dynamics 365 (see screenshot figure 1 below) are already visible in my tenant but not all events as described in https://docs.microsoft.com/en-us/dynamics365/customer-engagement/admin/enable-use-comprehensive-auditing are visible. I also tested out some scenarios to track user login/logoff but no results were returned so this functionality is probably not activated yet in my tenant. But if you look at the documentation in https://docs.microsoft.com/en-us/dynamics365/customer-engagement/admin/enable-use-comprehensive-auditing you will notice that the auditing settings screen gives different options which might (which were not visible in my D365 organizations – neither 8.x and 9.x) also indicate that the functionality is not activated.
Figure 1. Pre-configured Dynamics 365 audit log search reports.
Figure 2. Auditing settings screen when activity logging is enabled.
- Audit log search capability: administrators can indeed query for different types of events using the audit log search functionality (See Search the audit log in the Office 365 Security and Compliance center for a general overview of the functionality)
- SIEM vendor integration is available using SIEM agents which will probably leverage the Office 365 Management Activity API – I will probably test the API integration out later on when the functionality is fully available
References:
- Microsoft Dynamics 365 (online) security and compliance planning guide (Updated April 9th, 2018)
- Microsoft Trust Center - Dynamics 365