Events
Powerful Devs Conference and Hack Together
Feb 12, 11 PM - Feb 28, 11 PM
Join the online conference and 2-week hackathon to explore building powerful solutions with Power Platform.
Register nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
The Dataverse auditing feature is designed to meet the external and internal auditing, compliance, security, and governance policies that are common to many enterprises. Dataverse auditing logs changes that are made to customer records in an environment with a Dataverse database. Dataverse auditing also logs user access through an app or through the SDK in an environment.
Dataverse auditing is supported on all custom and most customizable tables and columns. Audit logs are stored in Dataverse and consume log storage capacity. Audit logs can be viewed in the Audit History tab for a single record and in the Audit Summary view for all audited operations in a single environment. Audit logs can also be retrieved using the web API or the SDK for .NET. Audit logs are created when there are changes to the record on a table where auditing is turned on. Audit logs for updates are created when a new value is different from the old value of a column.
Note
The use of entity-related terminology depends on the protocol or class library used. See Terminology use depending on protocol or technology.
Audit logs may show up with a delay in the Audit History tab of a record and in the Audit Summary view. This is because audit logs are stored in the Dataverse log storage and no longer in the database storage.
Audit History for a single record
Audit Summary view (all audit logs)
Audit logs help administrators and other privileged users to answer questions like:
The following operations can be audited:
Auditing isn't supported on table or column definition changes or during authentication. Furthermore, auditing doesn't support retrieve operations or export operations. Dataverse and model-driven apps activity logging can be turned on, in addition to Dataverse auditing, to log data retrieve operations and export operations.
The following list enumerates the noncustomizable tables that can't be audited. This list was obtained by testing for a CanModifyAuditSettings column value of false on each table's definition:
There are three levels where auditing can be configured: an environment, table, and column. Auditing must be turned on at the environment-level first. To log data changes in a table, auditing must be turned on for the table, and for the column.
To turn on user access auditing (log access) or activity logging (Read logs), auditing must be turned on at the environment-level. The option to turn on activity logging is only visible when the minimum Office licensing requirements are met.
Note
User access or activity logging is sent to Purview for production environments only.
You must have System Administrator or System Customizer role or equivalent permissions to turn on or off auditing.
Auditing can be configured manually through the Power Platform admin center and the Power Apps portal. Auditing can also be configured programmatically. Learn more at Auditing overview.
[This section is prerelease documentation and is subject to change.]
You must be assigned to the Power Platform or Dynamics 365 admin role to turn on or off auditing through the Security page.
To meet your external and internal auditing, compliance, security, and governance policies that are common to many enterprises, auditing for the following tables are turned on automatically when you turn on auditing through the Security page. You can audit other tables, where applicable, but note that there are some core tables that audit is turned on by default.
Important
Category | Table |
---|---|
Common entities | systemuser |
Common entities | role |
Common entities | report |
Common entities | goalrollupquery |
Common entities | metric |
Common entities | goal |
Common entities | bulkoperation |
Common entities | list |
Common entities | salesliterature |
Common entities | product |
Common entities | lead |
Common entities | contact |
Common entities | account |
Common entities | activitypointer |
Sales | opportunitysalesprocess |
Sales | leadtoopportunitysalesprocess |
Sales | invoice |
Sales | salesorder |
Sales | quote |
Sales | competitor |
Sales | opportunity |
Marketing | campaign |
CustomerService | translationprocess |
CustomerService | expiredprocess |
CustomerService | newprocess |
CustomerService | phonetocaseprocess |
CustomerService | service |
CustomerService | contract |
CustomerService | kbarticle |
CustomerService | knowledgearticle |
CustomerService | queueitem |
CustomerService | incident |
CustomerService | socialprofile |
Security | solution |
Security | entity |
Security | team |
Security | position |
Security | organization |
Security | fieldsecurityprofile |
Security | businessunit |
Note
It's recommended that you apply the new retention policy to all logs. If you turned on the Existing logs switch, older logs continue to be retained using the prior retention policy. For example, by default, the initial logs are kept Forever and they aren't deleted with the new retention policy.
This task requires the System Administrator or System Customizer role or equivalent permissions.
Important
The audit retention period isn't available for Dynamics 365 Customer Engagement (on-premises) or for environments encrypted with a customer's own encryption key.
It's recommended that you use the Security page auditing option to set the retention policy. This provides the flexibility to apply the retention policy to existing logs.
Sign in to the Power Platform admin center using administrator credentials.
Go to Environments > [select an environment] > Settings > expand Audit and logs > Audit settings.
Setting | Description |
---|---|
Start Auditing | Start or stop auditing. |
Log access | Log whenever the system is accessed, generally by signing in. |
Read logs | Logs are sent to the Microsoft Purview compliance portal. |
You can set a retention period for how long audit logs are kept in an environment. Under Retain these logs for, choose the period of time you wish to retain the logs.
Setting | Description |
---|---|
Set the retention policy for these logs | Default: Forever |
Set a custom retention policy | Maximum: 24,855 days. Visible if you select "Custom" in the above setting. |
Note
When the audit retention period is set to Forever, logs aren't deleted. When the audit retention period is set to any other value, logs are deleted continuously starting at the time an audit record exceeds the time defined in the retention policy.
For example, assume the retention policy is set to 30 days. Audit records that were created 30 days, and one second ago, start to be deleted in the background.
Each audit log is stamped with the currently active retention period. Changing the retention period here doesn't change the retention period for already existing records. The new retention period is applied to all new records created after the retention policy was changed. For example, assume the retention period is changed from 30 days to 90 days. Audit records that were created prior to the change are deleted in the background after 30 days. Audit records that were created after the change are deleted in the background after 90 days.
Select Save.
Learn more in the Configure organization settings.
This task requires the System Administrator or System Customizer role or equivalent permissions.
This feature allows you to quickly turn on auditing for multiple tables (entities) simultaneously. The grouping of tables corresponds to a Dynamics 365 application, for example Sales tables correspond to the Sales Hub app.
In the web app, go to Settings () > Advanced Settings.
Select System > Administration.
Select Auditing tab.
Select the table (entities) you want to track. To start or stop auditing on specific tables, select or clear the following check boxes:
Select OK.
This task requires the System Administrator or System Customizer role or equivalent permissions.
Sign in to Power Apps using your System Administrator or System Customizer credentials.
Select the environment for which you want to configure auditing.
Note
We recommend that you manage the audit configuration as part of a solution. This allows you to easily find your customizations, apply your own solution published prefix, and export your solution for distribution to other environments. To learn more about solutions, see Use a solution to customize. When using a solution, add all tables you want to configure for auditing to your solution, then perform steps 3-8 before saving and publishing your solution.
Select Dataverse > Tables.
Select a table.
On the command bar, select Edit.
On the command bar, select Edit table properties.
Expand Advanced options.
Select the Audit changes to its data checkbox.
Select Save.
On the command bar, select <- Back.
Under Schema, select Columns.
Select a column you want to turn on for auditing, and then expand Advanced options.
Select the Enable auditing checkbox.
Select Save.
Repeat steps 3 – 10 for all tables and columns you want to edit.
System administrators or customizers can change the default audit settings for tables and for specific columns of a table.
Sign in to Power Apps using your System Administrator or System Customizer credentials.
Select the environment for which you want to configure auditing.
Note
We recommend that you manage the audit configuration as part of a solution. This allows you to easily find your customizations, apply your own solution published prefix, and export your solution for distribution to other environments. Learn more about solutions in Use a solution to customize. When using a solution, add all tables you want to configure for auditing to your solution, then perform steps 3-8 before saving and publishing your solution.
Select Dataverse > Tables.
Select a table.
On the command bar, select Edit.
On the command bar, select Edit table properties.
Expand Advanced options.
Select the Audit changes to its data checkbox to turn on auditing for the table.
-or-
Clear the Audit changes to its data checkbox to turn off auditing for the table.
Select Save.
If you have turned on the Read Logs in the environment's audit settings, you need to turn on the Single record auditing. Log a record when opened and Multiple record auditing. Log all records displayed on an opened page auditing settings to see the read audit logs from this table. Learn more at Activity logging.
Publish the customization. To publish for a single table, choose the table, such as Account, and then select Publish on the toolbar.
Under the table for which you want to turn on auditing with specific columns, select Columns.
To turn on or off auditing for a single column, open the column and expand the Advanced options in the General section, and then select or clear the Enable auditing option.
Select Save.
Publish the customization. To publish for a single table, choose the table, such as Account, and then select Publish on the toolbar.
Learn more in Dataverse developer guide: Configure auditing > Configure tables and columns.
Audit History is a valuable resource for users to understand the update history of a single record. It answers questions such as "When was this record created and by whom?", "Who changed a particular field and what was the previous value?", "Who shared the record with another user?".
Users must have the View Audit History privilege to see the Audit History of a record.
Select a record in a model-driven application.
Select the Related tab and select Audit History.
Choose a field in Filter on to filter results by a field you want to see the change history.
The Audit Summary view is a comprehensive list of all audit logs in an environment. By filtering on various columns, users of the Audit Summary view can understand what happened in the environment over time. It helps to answer questions such as "What actions did a user perform and when", "Who deleted a particular record?", or "Who changed a user's role?".
Users must have the View Audit Summary privilege to see the Audit Summary view.
There are two ways to get to the Audit Summary page:
From the environment's Apps menu, select the Power Platform Environment Settings app
From the app, select the Settings icon on the banner, select Advanced Settings, and select System > Auditing > Audit Summary view.
Note
The Record column filter doesn't work and will be removed in the future. The filter options Equals and Does not equal of the Entity column filter don't show any table values. To filter by entity, you can use the Contains option and enter the table name.
In the Auditing card, select Delete Logs.
Select View Audit Logs.
Use the Enable/Disable Filters option to narrow down the list of audit records needed to answer your question. You can apply several filters at once.
Note
Sorting is only possible on the Changed Date column.
Exporting of Audit logs is currently not supported. Use the Web API or SDK for .NET to retrieve audit data from your environment. See Retrieve and delete the history of audited data changes.
Large attribute values, such as Email.description or Annotation, are limited (capped) at 5 KB or about 5,000 characters. A capped attribute value is recognized by three dots at the end of the text, for example, "lorem ipsum, lorem ip…".
Learn more in Dataverse developer guide: Retrieve the history of audited data changes.
Dataverse auditing supports the deletion of a single record's entire audit history. This is useful when responding to a customer's request to delete their data.
Users must have the Delete Audit Record Change History privilege to perform this action.
The deletion of a record's audit history can be done in a model-driven application's Audit History and in the environment's Audit Summary view.
Select a record in a model-driven application.
Select the Related tab, and then select Audit History.
In Filter on, choose All fields, and then select Delete Change History to delete all logs pertaining to the selected record.
Select Delete to confirm.
Sign in to the Power Platform admin center, and then select an environment.
In the Auditing card, select Delete logs.
Select View Audit Logs.
Select a row in the audit history, and then select Delete Change History to delete all logs pertaining to the selected record.
Select Delete to confirm.
When you turn on Dataverse auditing, your apps create audit logs to store changes to the records and user access. You can delete audit logs when they're no longer needed to free up log capacity space.
Warning
When you delete audit logs, you can no longer view the audit history for the period covered by that audit log.
In the upper-right corner of an app, select Settings () > Advanced Settings > Settings > Auditing.
Select Audit Log Management, and then select View Audit Logs.
Select the oldest audit log, then select Delete Logs.
Select OK to confirm.
Note
You can only delete the oldest audit log in the system. To delete more than one audit log, repeat delete the oldest available audit log until you have deleted enough logs.
When you turn on Dataverse auditing, your apps create audit logs to store changes to the records and user access. You can delete audit logs when they're no longer needed to free up log capacity space.
Warning
When you delete audit logs, you can no longer view the audit history for the tables, user access, period covered by that audit log.
Sign in to the Power Platform admin center, and then select an environment.
Under Auditing, select Delete logs.
Choose how to select logs to delete.
Delete logs | Description | System job name |
---|---|---|
Logs by table | Select one or more tables for which you want to delete audit logs. By default, all tables in the environment will be shown, whether they contain audit data or not. | Delete logs for [number of] tables. |
Access logs by people and systems | Delete all access logs. This deletes all logs for all users and systems. | Delete access logs. |
All logs up to and including the selected date | Delete logs including the date selected. | Delete all logs before and including [timestamp]. |
Select Delete, and then confirm.
Note
Audit logs are deleted in an asynchronous background system job. The duration of the deletion depends on the amount of audit records to be deleted. The current rate is approximately 100 million records per day, or approximately 4 million records per hour.
To monitor the status of audit delete jobs, see the next section.
Several features use system jobs to perform tasks automatically, including workflows, import, and duplicate detection, running independently or in the background. You can monitor them to ensure that they run smoothly or have completed successfully.
In the Power Platform admin center, select an environment.
For Unified Interface, in the upper-right corner, select Settings () > Advanced Settings > Settings.
Select Settings > Audit and logs > System Jobs to see a grid view of system jobs.
If there's a problem with a system job, you can cancel, postpone, pause, or resume it. Select a job and then select the Actions menu.
Canceling system jobs
You can't resume a canceled system job.
Postponing completion of system jobs
Postponing an active system job stops any current and subsequent actions. You can specify a later time when you want the system job to restart.
Pausing system jobs
You can resume a paused system job.
Resuming paused system jobs
Resuming restarts a system job that was paused.
Tip
Note
You can't make changes to the status of a system job that has been completed or canceled.
In the Power Platform admin center, select an environment.
For Unified Interface, in the upper-right corner, select Settings () > Advanced Settings > Settings.
Select Settings > Data management > Bulk deletion.
Select the system job name to open details about your delete job.
You can use Azure Synapse Link for Dataverse to link the audit table and create reports using Power BI to meet your external and internal auditing, compliance, and governance needs. More information: Access audit data using Azure Synapse Link for Dataverse and Power BI
Events
Powerful Devs Conference and Hack Together
Feb 12, 11 PM - Feb 28, 11 PM
Join the online conference and 2-week hackathon to explore building powerful solutions with Power Platform.
Register nowTraining
Module
Search and investigate with Microsoft Purview Audit - Training
Search and investigate with Microsoft Purview Audit.
Certification
Microsoft Certified: Information Protection and Compliance Administrator Associate - Certifications
Demonstrate the fundamentals of data security, lifecycle management, information security, and compliance to protect a Microsoft 365 deployment.
Documentation
Auditing overview - Power Apps
Learn how to programmatically use the auditing capability of Microsoft Dataverse to record data changes over time for use in analysis and reporting.
Microsoft Dataverse and model-driven apps activity logging - Power Platform
Learn how to enable auditing to be used for reports in the Microsoft 365 Security Compliance Center.
Delete audit data - Power Apps
Learn how to programmatically delete audit data stored in Microsoft Dataverse.