Auditing in Purview
Note
Purview auditing solutions for Business Central is in Preview. Please register any feedback and requests for additional events to be auditable on [aka.ms/bcideas][https://aka.ms/bcideas].
Your Business Central environments automatically emit auditable events to Microsoft Purview auditing solutions. Microsoft Purview auditing solutions provide an integrated solution to help organizations effectively respond to security events, forensic investigations, internal investigations, and compliance obligations. For Business Central, this means that Create, Update, and Delete events that require administrator privileges are emitted to Purview's unified audit log, aiding security, legal, and compliance investigation across all Microsoft services used in your organization.
Tip
Before Business Central online logs authorization attempts to telemetry, a successful authentication (login) must happen against Microsoft Entra ID (formerly Azure Active Directory). With the information in the Microsoft Entra sign-in log, you can figure out what happened if a user sign-in failed. For more information, see Analyze sign-ins with the Microsoft Entra sign-in log.
If you want to track, monitor, or alert on successful and failed login attempts against Microsoft Entra ID, configure integration to Azure Monitor on Microsoft Entra and analyze further with KQL. For more information, see Integrate Microsoft Entra logs with Azure Monitor.
Business Central environments automatically emit all events listed below to Microsoft Purview auditing solutions, and Purview is enabled by default on every tenant. Learn more about enabling or disabling Purview auditing solutions on your tenant here.
Schema
Every event emitted to Purview auditing solutions uses the common schema. Events related to your Business Central environments can be found under the Dynamics365BusinessCentralLog AuditLogRecordType. For events with this AuditLogRecordType, the following fields are added to the common schema to contain details specific to your Business Central environments.
| Name | Description | Mandatory | Type |
|---|---|---|---|
| BcEnvironmentName | The name of the Business Central environment | False | Edm.String |
| BcEnvironmentType | The type of the Business Central environment (that is, Production or Sandbox) | False | Edm.String |
| BcCompanyName | The name of the company in your Business Central environment | False | Edm.String |
| BcCustomDimensions | Contains dynamic values based on the emitted event, see details for each event below | False | Edm.ComplexType |
| BcOperationName | The name of the operation for which the log was emitted | True | Edm.String |
Business Central events emitted to Purview are categorized as events and activities; events are high-level and are parents to the more specific activities.
| Event name | Description |
|---|---|
| Administered environment | Activities that create, update, or delete environments |
| Configured extension | Activities that configure extensions |
| Administered user | Activities that create, update, or delete users |
| Administered company | Activities that create, update, or delete companies |
| Configured integration | Activities that configure integrations |
| Configured Copilot | Activities that configure Copilot |
| Configured cloud migration | Activities that configure cloud migration |
| Administered report | Activities that create, update, or delete reports |
Administered environment activities
Activities listed in the table below can be audited by filtering to the Administered environment event.
| Activity | Custom dimensions | Sample value |
|---|---|---|
| Created environment | ApplicationVersion | 24.0.0.0 |
| CountryCode | US | |
| Removed environment | ||
| Renamed environment | NewEnvironmentName | EnvironmentName |
| Copied environment | targetEnvironmentType | Production |
| targetEnvironmentName | EnvironmentName | |
| Restored environment | EnvironmentName | RestoredEnvironment |
| EnvironmentType | Production | |
| PointInTime | 0001-01-01T00:00:00 | |
| SkipInstallingPTEs | false | |
| SkipInstallingThirdPartyGlobalApps | false | |
| SkipEnvironmentCleanup | false | |
| Recovered environment | ||
| Scheduled update | IgnoreUpdateWindow | false |
| RunOn | 0001-01-01T00:00:00 | |
| Set Security Group Access | Value | 00000000-0000-0000-0000-000000000000 |
| Removed Security Group Access | ||
| Set Application Insights Connection String | ||
| Set Access with Microsoft 365 Licenses | Value | true |
| Set AppSource Apps Update Cadence | Value | DuringMajorMinorUpgrade |
| Reported Service Outage | AppVersion | 24.0.0.0 |
| email@cronus.com | ||
| FirstName | John | |
| LastName | Doe | |
| OutageQuestionAnswers | 1: Yes. 2: All users | |
| OutageType | Logon | |
| Phone | +1 0000000000 | |
| PlatformVersion | 24.0.0.0 | |
| Set Update Window | PreferredEndTime | 06:00 |
| PreferredEndTimeUtc | 0001-01-01T06:00:00 | |
| PreferredStartTime | 00:00 | |
| PreferredStartTimeUtc | 0001-01-01T00:00:00 | |
| TimeZoneId | Coordinated Universal Time | |
| Exported Environment | ||
| Restarted Environment | ||
| Cancelled Session | sessionId | 12345 |
| Requested Environment Transfer | DestinationEntraTenantId | 00000000-0000-0000-0000-000000000000 |
| RunAt | 0001-01-01T00:00:00 | |
| Accepted Environment Transfer Request | ApplicationFamily | BusinessCentral |
| DestinationEnvironmentName | EnvironmentName | |
| SourceEntraTenantId | 00000000-0000-0000-0000-000000000000 | |
| SourceEnvironmentName | EnvironmentName | |
| Cancelled Environment Transfer Request | ||
| Link Environment to Power Platform Environment | powerPlatformEnvironmentId | 00000000-0000-0000-0000-000000000000 |
| applicationFamily | BusinessCentral | |
| environmentName | EnvironmentName | |
| Unink Environment to Power Platform Environment | powerPlatformEnvironmentId | 00000000-0000-0000-0000-000000000000 |
| applicationFamily | BusinessCentral | |
| environmentName | EnvironmentName | |
| Set Support Contact Information | support@cronus.com | |
| Name | SupportContact | |
| Url | https://cronus.com/support |
Configured extension activities
Activities listed in the table below can be audited by filtering to the Configured extension event.
| Activity | Custom dimensions | Sample value |
|---|---|---|
| Installed Global App | appId | 00000000-0000-0000-0000-000000000000 |
| AllowPreviewVersion | true | |
| InstallOrUpdateNeededDependencies | true | |
| TargetVersion | 24.0.0.0 | |
| UseEnvironmentUpdateWindow | true | |
| Updated Global App | appId | 00000000-0000-0000-0000-000000000000 |
| AllowPreviewVersion | true | |
| InstallOrUpdateNeededDependencies | true | |
| TargetVersion | 24.0.0.0 | |
| UseEnvironmentUpdateWindow | true | |
| Uninstalled Global App | appId | 00000000-0000-0000-0000-000000000000 |
| DeleteData | true | |
| UninstallDependents | true | |
| UseEnvironmentUpdateWindow | true | |
| Cancelled Global App Update | appId | 00000000-0000-0000-0000-000000000000 |
| ScheduledOperationId | 00000000-0000-0000-0000-000000000000 |
Administered user activities
Coming soon.
Administered company activities
Coming soon.
Configured integration activities
Activities listed in the table below can be audited by filtering to the Configured integration event.
| Activity | Custom dimensions | Sample value |
|---|---|---|
| Set Authorized Microsoft Entra App to Admin Center API | appId | 00000000-0000-0000-0000-000000000000 |
| Deleted Authorized Microsoft Entra App from Admin Center API | appId | 00000000-0000-0000-0000-000000000000 |
| Set Customer Tenant Access to Application Family | varTenantId | 00000000-0000-0000-0000-000000000000 |
| applicationFamily | BusinessCentral | |
| country | US | |
| access | read | |
| Set Notification Recipient | Id | 00000000-0000-0000-0000-000000000000 |
| recipient@cronus.com | ||
| Name | John Doe | |
| Removed Notification Recipient | Id | 00000000-0000-0000-0000-000000000000 |
Configured Copilot activities
Coming soon.
Configured cloud migration activities
Coming soon.
Administered report activities
Coming soon.
Comentários
Em breve: Ao longo de 2024, eliminaremos os problemas do GitHub como o mecanismo de comentários para conteúdo e o substituiremos por um novo sistema de comentários. Para obter mais informações, consulte https://aka.ms/ContentUserFeedback.
Enviar e exibir comentários de