How To: Audit Summary and Login Tracking | Blog
Organizations need to track changes made to business data for maintaining security, examining the history of a particular data record, documenting modifications for future analysis and record keeping, and being in compliance with regulations.
The audit logs help the Microsoft Dynamics CRM administrator answer questions such as:
- Which user was accessing the system and when?
- Who updated this field value on this record, and when?
- What was the previous field value before it was updated?
- What actions has this user taken recently?
- Who deleted this record?
- What locale was used to make the update?
Operations supported by auditing
The following operations can be audited:
- Create, update, deactivate, and delete operations on records.
- Changes to the sharing privileges of a record.
- The N: N association or disassociation of records.
- Changes to security roles.
- Audit changes at the entity, attribute, and organization level. For example, enabling audit on an entity.
- Deletion of audit logs.
- For changes made to entity fields that can be localized, such as the Product entity name or description fields, the locale Id (LCID) appears in the audit record.
There are three levels where auditing can be configured: organization, entity, and attribute. The organization level is the highest level, followed by the entity level, and finally the attribute level. We can enable or disable auditing at the organization level by setting a particular attribute value of the organization record. However, for entities and attributes, we should set a property value of the entity or attribute metadata.
For attribute auditing to take place, auditing must be enabled at the attribute, entity, and organization levels. For entity auditing to take place, auditing must be enabled at the entity and organization levels.
Enabling and Disabling Audit capabilities
- Auditing is supported on all custom and most customizable entities and attributes.
- A user must be assigned the System Administrator or System Customizer role to enable or disable auditing.
Auditing process for Dynamics CRM 2011 and any subsequent version is as detailed below:
Start or stop auditing for an organization
This task requires the system administrator or customizer security role or equivalent permissions.
- Go to Settings> Administration.
- Choose System Settings.
- On the Auditingtab, select the Start Auditing check box to start auditing. Clear the Start Auditing check box to stop all auditing.
- After selecting the entities you wish to track, to start or stop auditing on specific entities, select or clear the following check boxes:
- Audit user access. Tracks when a user accesses Microsoft Dynamics 365 including the user name and time.
- Common Entities. Tracks common entities like Account, Contact, Goal, Product, and User.
- Sales Entities. Tracks sales-related entities like Competitor, Opportunity, Invoice, Order, and Quote.
- Marketing Entities. Tracks Campaign entity activity.
- Customer Service Entities. Tracks Case, Contract, Queue, and Service entity activity.
- Click OK.
View audit logging details
System administrators can see activities for the entities that are enabled for audit logging.
- Go toSettings > Auditing.
- ChooseAudit Summary View.
- In theAudit Summary View, you can do the following:
- ClickEnable/Disable Filters to turn on filtering. Then, you can filter on a specific event, such as Delete
- Choose anEvent to view specific details about the activity, such as field changes that were made during an update to a record and who performed the update.
- Click the Refresh button to view the most recent activity.
Audit Summary View provides a filterable list of the system-wide audited operations which will enable a user to quickly find the changes that you need to review.
Enable or disable entities and fields for auditing
System administrators or customizers can change the default audit settings for entities and for specific fields for an entity.
To enable or disable auditing for an entity
- Go toSettings > System.
- In theAudit area, choose Entity and Field Audit Settings.
- UnderComponents, expand Entities.
- Open the entity for which you want to enable or disable auditing.
- To start auditing, on theGeneral tab, in the Data Services section, select the Auditing check box to enable auditing, or clear the Auditing check box to disable it.
By default, when you start or stop auditing for an entity, you also start or stop auditing for all the fields of this entity.
- Publish the customization. To publish for a single entity, choose the entity, such as Account, and then clickPublish on the toolbar.
To enable or disable auditing for specific fields on an entity
- Under the entity for which you want to enable or disable auditing with specific fields, clickFields.
- To enable or disable a single field, open the field and in the Auditing section, selectEnable or Disable.
To enable or disable more than one field, select the fields you want, and then on the toolbar click Edit. In the Edit Multiple Fields dialog box, in the Auditing area, click Enabled or Disabled.
- Publish the customization. To publish for a single entity, choose the entity, such as Account, and then clickPublish on the Actions toolbar.
Audit Log management: Audit Log management can be used to delete the Audit logs.
To delete audit logs
- Go toSettings > System.
- In theAudit area, choose Audit Log Management
- Select the log file which needs to be deleted and click on Delete Logs
Microsoft Dynamics CRM has the ability to track a user’s access to the Microsoft Dynamics CRM Server. The information that is recorded includes when the user started accessing Microsoft Dynamics CRM and if access originated from the Microsoft Dynamics CRM Web application, Microsoft Dynamics CRM for Outlook or SDK calls to the web services.
The following steps describe how to enable auditing of user logon access.
- In the site map click Settings, and then select Auditing.
- On the Audit page, select Global Audit Settings
- In the System Settings form, select (check) Audit user access.
Salient points to bear in mind regarding user access auditing
- Auditing of user access is enabled at the organization level.
- To enable or disable user access auditing, you must retrieve the target organization’s record, and update theIsUserAccessAuditEnabled attribute value for the organization. Global auditing on the organization must also be enabled by setting the Organization.IsAuditEnabled attribute to true in the organization record. To audit the origin of user access, for example: web application, CRM for Outlook or SDK, you must enable auditing on the entities being accessed.
- The frequency of auditing user access can be read or set using theUserAccessAuditingInterval attribute. The default attribute value of 4 indicates user access is audited once every 4 hours.