Outdated audit settings can create critical compliance and data security gaps, exposing your business to unnecessary risks.
The consequences of inadequate auditing can be severe, potentially leading to reputational damage. Regulatory pressures vary across industries, but Microsoft Dynamics 365/Dataverse provides administrators with the flexibility to tailor audit configurations.
This post discusses the options and key considerations to ensure Dynamics auditing aligns with your needs.
We suggest configuring an audit policy upon implementation, but if you haven’t done so yet, we strongly encourage you to prioritise this.
Who Should Decide Your Audit Policy?
Defining a Dynamics 365 audit policy requires input from multiple stakeholders to ensure compliance and operational needs are met.
Here’s a non-exhaustive list of roles that typically should be involved:
- IT Department/System Administrators: They are responsible for implementing the audit policy, understanding its impact on system performance, and managing storage. IT can assess the technical feasibility of audit configurations and their effect on system resources.
- Business Unit Leaders: Leaders from various business units, such as sales, marketing, finance, and HR, provide input on which activities must be audited. They understand what data is critical for their operations and the key processes that require oversight.
- Data Protection Officers (DPOs): The DPO ensures that audit policies adhere to privacy laws and best practices. They define how personal data should be handled and monitored, ensuring that auditing does not infringe on data privacy rights.
- Security Teams: Security teams determine the scope of audit logs needed to track suspicious activity, monitor access to sensitive information, and identify potential breaches. They also ensure the audit logs are secure and cannot be tampered with.
- Finance and Accounting Teams: In industries such as banking or healthcare, the finance team must ensure that audit policies align with financial regulations. They also have insights into which financial records require long-term retention for adherence to regulations.
- C-Suite/Executive Management: While executives don’t handle day-to-day auditing, they play a key role in setting the overall risk management strategy and ensuring that the audit policy aligns with broader business objectives and regulatory obligations.
Global Auditing
Global auditing, which records changes to your data, is controlled in the Power Platform Admin Center under Environments > Your Environment > Settings > Audit Settings.
Here, you can choose to start logging and determine how long to retain the logs.
Who Should Turn Global Auditing On?
In most scenarios, we recommend enabling auditing for production environments.
If you are configuring auditing for a development or staging environment, it is advisable to turn this off in many cases. Data in these environments is often synthetic, so auditing it is typically unnecessary. Disabling auditing can also improve performance and reduce storage requirements.
How Long Should Logs Be Retained?
Microsoft offers various options for how long you can keep your auditing information.
- IT Service Providers: We recommend retaining logs for 90 days to troubleshoot issues, track customer interactions, and review tickets. This retention period ensures that there is enough history to resolve recurring issues while limiting data storage overhead.
- Banks and Financial Firms: These organisations often need to keep logs for 7 years to comply with regulations, such as the UK’s Financial Conduct Authority (FCA). Logs may be required as proof for audits, legal cases, or regulatory enquiries.
- E-commerce Companies: Shorter retention periods of 30 days may be appropriate, as they often process high volumes of transactions. In such cases, long-term data can be moved off-site to maintain performance and stay within data capacity limits.
App-Based Auditing
If your environment has global auditing enabled, the next step in implementing your auditing policy is to control which Dynamics 365 apps should have auditing switched on.
At the time of writing, this can only be configured in the legacy interface under Administration > System Settings. We anticipate that Microsoft will enable administrators to manage this in the Power Platform Admin Center in the short to medium term.
You can control app-level auditing for:
- Common Entities: This enables your organisation to start auditing typical entities/tables such as Accounts, Leads, and Change Requests.
- Sales Entities: Selecting this option controls tables such as Invoices, Opportunities, and Competitors.
- Marketing Entities: This option allows you to log entities such as Segments, Marketing Forms, and Customer Journeys.
- Customer Service Entities: This turns on auditing for entities such as Cases, Articles, and Contracts.
Dynamics 365 administrators need to determine whether to enable auditing for each of these categories.
In a production environment, we recommend enabling Common Entities and any apps that you use. Further optimisation can be achieved by analysing your tables individually and identifying which data requires an audit trail.
Table Managed Auditing
The best way to manage auditing for tables is through Power Apps.
Navigate to the Power Apps website, select your environment, and choose a table.
Click on Edit from the command bar, then Edit Table Properties. This will open a panel on the right-hand side where you can choose to enable audit logging. Turning this on will log any data creation, changes or deletions in this table for all columns by default. When choosing which tables to audit, remember that tables can be used across multiple applications, which affects various business functions.
Just a heads-up: You’ll need to turn on global auditing for this to track changes.
You can also audit at a more granular level and identify individual columns within the table to log. For example, in the Account table, you may choose to audit only specific columns, such as the telephone number. This allows you to optimise your configuration for maximum performance and storage efficiency.
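The global, table and column switches described above only produce an audit trail when they are all on, so it is worth checking the configured state against the policy your stakeholders agreed. The following is an added example, not code from the original post or from Microsoft: it runs over a constructed settings export, the property names (`isauditenabled`, `auditretentionperiodv2`, `IsAuditEnabled`) are assumed to mirror Dataverse metadata, and the policy structure is hypothetical.

```python
# Constructed sample, shaped like Dataverse metadata; not from a real tenant.
ENVIRONMENT = {
    "organization": {"isauditenabled": True, "auditretentionperiodv2": 90},
    "tables": {
        "account": {
            "IsAuditEnabled": {"Value": True},
            "Attributes": {
                "telephone1": {"IsAuditEnabled": {"Value": True}},
                "name": {"IsAuditEnabled": {"Value": False}},
            },
        },
        "invoice": {
            "IsAuditEnabled": {"Value": False},
            "Attributes": {"totalamount": {"IsAuditEnabled": {"Value": True}}},
        },
    },
}

# Hypothetical policy: minimum retention and the columns that need a trail.
POLICY = {
    "min_retention_days": 90,
    "required": {"account": ["telephone1", "name"], "invoice": ["totalamount"],
                 "contact": ["donotemail"]},
}

def audit_gaps(env, policy):
    """Return sorted, human-readable gaps between the policy and the settings."""
    gaps = []
    org = env["organization"]
    if not org.get("isauditenabled"):
        gaps.append("global: auditing is off, so no table or column is logged")
    days = org.get("auditretentionperiodv2", 0)
    if days != -1 and days < policy["min_retention_days"]:  # -1 assumed = keep forever
        gaps.append(f"global: retention {days}d is below {policy['min_retention_days']}d")
    for table, columns in policy["required"].items():
        meta = env["tables"].get(table)
        if meta is None:
            gaps.append(f"{table}: table metadata not found")
        elif not meta["IsAuditEnabled"]["Value"]:
            gaps.append(f"{table}: table auditing is off, column flags have no effect")
        else:
            for col in columns:
                attr = meta["Attributes"].get(col)
                if attr is None or not attr["IsAuditEnabled"]["Value"]:
                    gaps.append(f"{table}.{col}: column is not audited")
    return sorted(gaps)

if __name__ == "__main__":
    print("\n".join(audit_gaps(ENVIRONMENT, POLICY)))
```

In the sample, the invoice column flag is on but the table flag is off, which is the kind of gap that is easy to miss when reviewing settings one screen at a time.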
View an Auditing Log of an Individual Record
In your model-driven app, navigate to a table such as Contacts and select a record. Then select the Related drop-down menu and choose Audit History. This will display a list of changes made to that record over time. By default, it will show all fields, but you can use the controls above the table to filter this.
There are many scenarios where you may need to view the audit log of a specific record.
For example, for GDPR purposes, a Data Protection Officer or Marketing Manager may need to review the consent options of a specific contact to understand when and what options were changed.
Another scenario could involve an internal investigation of a financial discrepancy. For instance, a Finance Manager might need to track changes made to an invoice record. By reviewing the audit log, they can identify who modified the invoice, what changes were made (such as payment terms or amounts), and when the adjustments occurred.
This level of detail helps ensure accountability and can be crucial in resolving disputes or demonstrating regulatory adherence.
Is Your Audit Capturing What You Need?
Keeping your Dynamics 365 audit configurations up to date is essential for compliance obligations, security, and efficiency. With flexible auditing options across environments, apps, and tables, you can control what data is monitored and for how long.
Is your auditing optimised in Dynamics? Contact ServerSys to review your auditing setup and ensure your configurations align with industry best practices.
Updated: August 19, 2025