Managing Auditing Settings
Complete the full lesson to earn 25 points
Work through each section, then tap “Mark as Complete” on the last one.
✦ Skip the page breaks and see fewer ads — read each lesson on a single page with Pro
Managing Auditing Settings in Microsoft Dataverse
In any enterprise-grade data platform, knowing who did what, when they did it, and what the value was before and after a change is not just a "nice-to-have" feature—it is a fundamental requirement for security, compliance, and troubleshooting. Microsoft Dataverse provides a sophisticated auditing framework that allows administrators to track changes to data, user access, and even metadata changes. Whether you are preparing for a regulatory audit under GDPR or HIPAA, or simply trying to figure out why a specific record was deleted, understanding how to configure and manage auditing settings is a critical skill for any Power Platform administrator.
Auditing in Dataverse is not a single "on/off" switch. Instead, it is a hierarchical system that requires configuration at the environment, table, and column levels. This granularity ensures that you can capture the exact data you need without overwhelming your storage capacity with unnecessary logs. In this lesson, we will explore the mechanics of Dataverse auditing, from initial setup to advanced log management and programmatic access.
The Importance of Auditing in Modern Environments
Before we dive into the "how," we must understand the "why." Auditing serves three primary purposes in a Dataverse environment. First is accountability. When multiple users have access to sensitive records, such as customer financial data or healthcare information, you must be able to trace every modification back to a specific user. This discourages unauthorized changes and provides a clear trail for internal investigations.
Second is data integrity and recovery. While auditing is not a backup solution, it provides a history of changes. If a user accidentally updates a thousand records with incorrect information via a bulk import, the audit logs can show you exactly what the values were before the import, allowing for a manual or scripted reversal of the data.
Third is compliance and legal requirements. Many industries are legally mandated to keep logs of data access and modifications for a set number of years. Dataverse's built-in auditing features, combined with its log retention policies, allow organizations to meet these requirements without building custom logging engines.
Callout: Audit Logs vs. Activity Logs
It is common to confuse Dataverse Auditing with Power Platform Activity Logging. Dataverse Auditing tracks changes inside the database (record creations, updates, deletions, and user logins to that specific environment). Power Platform Activity Logs (found in the Microsoft 365 Compliance Center) track administrative actions, such as creating an environment, deleting a Power App, or changing environment variables. Think of Auditing as "what happened to my data" and Activity Logs as "what happened to my infrastructure."
The Hierarchical Structure of Auditing
To successfully implement auditing, you must understand that it operates on a three-tiered hierarchy. If any level in the hierarchy is disabled, the levels below it will not function, even if they are individually configured to audit.
1. Environment Level
This is the master switch. If auditing is disabled at the environment level, no logs will be generated for any table or column, regardless of their individual settings. This is managed through the Power Platform Admin Center (PPAC). When you enable auditing here, you also define global settings, such as whether to track user access and how long the logs should be retained.
2. Table Level
Once the environment is enabled, you must specify which tables (entities) you want to track. By default, many system tables have auditing enabled, but custom tables usually require you to turn it on manually. You might choose to audit a "Sales Order" table but ignore a "Temporary Cache" table to save on storage space.
3. Column Level
Within an audited table, you can further refine your logging by enabling or disabling auditing for specific columns (fields). For example, in a "Contact" table, you might want to audit changes to "Credit Limit" or "Address," but you might choose not to audit the "Last Synced with Outlook" field because it changes frequently and provides little business value.
Step-by-Step: Enabling Auditing at the Environment Level
The first step in your auditing journey is to flip the master switch. This is done in the Power Platform Admin Center.
- Navigate to the Power Platform Admin Center.
- Select Environments from the left-hand navigation and click on the name of the environment you wish to configure.
- Select Settings from the top menu bar.
- Expand the Audit and logs section and click on Audit settings.
- On the Audit settings page, ensure the Start auditing toggle is set to On.
Once this is enabled, you will see several additional options:
- Log user access: This tracks when a user accesses the Dataverse environment, whether through the web interface, an app, or an API call.
- Start read auditing: This is a more intensive form of auditing that logs every time a record is viewed, not just when it is changed. Warning: This can significantly increase log storage usage and is typically only used for highly sensitive environments.
- Enable Office 365 log management: This allows Dataverse to send audit data to the Office 365 Security & Compliance Center, providing a unified view of security events across the entire Microsoft 365 stack.
Note: Enabling "Read Auditing" requires specific licensing (usually Power Apps Per User or Dynamics 365 licenses) and should be used sparingly. Most organizations find that "Change Auditing" (Create, Update, Delete) is sufficient for their needs.
Configuring Table and Column Auditing
Once the environment is ready, you need to navigate to the Power Apps Maker Portal to configure specific tables.
Enabling a Table for Auditing
- Go to make.powerapps.com.
- Ensure you are in the correct environment.
- Click on Tables on the left sidebar.
- Select the table you want to audit (e.g., "Account").
- On the table summary page, click on Properties in the "Table properties" pane.
- Expand Advanced options.
- Scroll down to the For this table section and check the box for Audit changes to its data.
- Click Save.
Refining Column Auditing
By default, when you enable auditing for a table, all supported columns in that table are enabled for auditing. However, you may want to disable auditing for specific columns to reduce noise.
- Within the table you just configured, click on Columns.
- Select a specific column (e.g., "Description").
- Click Edit.
- Expand Advanced options.
- Locate the Auditing checkbox. Uncheck it if you do not want to track changes to this specific field.
- Click Save.
Tip: Calculations and Rollup columns are generally not audited because their values are derived from other fields. If you need to track changes to a calculated value, audit the underlying fields that contribute to that calculation instead.
Managing Audit Log Storage and Retention
One of the most common challenges with auditing is the impact on storage capacity. Audit logs are stored in the Log Capacity portion of your Dataverse storage quota. If left unchecked, logs can grow to several gigabytes or even terabytes over time, potentially leading to additional costs or preventing you from making further changes to your environment.
Audit Retention Policies
Microsoft recently introduced a more streamlined way to manage log growth through Retention Policies. Previously, administrators had to manually delete "Audit Partitions," which was a clunky process.
With retention policies, you can define how long logs should be kept. For example, you might set a policy to delete all audit logs older than 365 days.
How to set a retention policy:
- In the Power Platform Admin Center, go to Settings > Audit and logs > Audit retention policy.
- Set the Retain logs for duration. Options typically range from 30 days to "Forever."
- Dataverse will automatically handle the background cleanup of logs that exceed this age.
Manual Log Deletion
If you find yourself in a storage crunch and need to clear space immediately, you can still delete logs manually. This is done via the Audit Summary View in the legacy settings area.
- In your environment, click the Settings gear icon in the top right and select Advanced Settings.
- Navigate to Settings > Auditing > Audit Log Management.
- Here you will see a list of log files (partitions). You can select the oldest logs and click Delete Logs.
- Note: You can only delete the oldest logs in sequence. You cannot delete a log from 2023 while keeping a log from 2022.
Callout: Storage Architecture
Dataverse uses a different storage mechanism for audit logs than it does for standard table data. While table data is stored in a relational SQL-based structure (Database Capacity), audit logs are stored in a more cost-effective, compressed log store (Log Capacity). This is why you see three distinct categories in your storage reports: Database, File, and Log.
Accessing and Reviewing Audit Data
Configuring auditing is only half the battle; you must also know how to retrieve and interpret the data. There are three primary ways to view audit logs: the UI, the Web API, and the SDK.
Viewing Logs in the User Interface
For most business users and managers, the easiest way to view changes is directly on the record itself.
- Open a Model-Driven App and navigate to a record (e.g., a specific Account).
- Click on the Related tab and select Audit History.
- This view shows a chronological list of every change made to that record. It displays:
- The event (Create, Update, Delete, etc.).
- The user who performed the action.
- The date and time.
- The old value and the new value for every changed column.
Using the Audit Summary View
If you need to see a high-level view of all changes across the entire environment, use the Audit Summary View.
- Go to Advanced Settings > Auditing > Audit Summary View.
- This view allows you to filter by user, date range, or event type. It is particularly useful for identifying who deleted a record, as the record-level "Audit History" tab is obviously unavailable once a record is gone.
Programmatic Access via Web API
For developers who need to build custom reporting dashboards or export audit data to an external data warehouse, the Dataverse Web API provides access to the audits entity.
You can query the audit entity using a standard GET request. Here is an example of how to retrieve the last 10 audit records:
GET [Organization URI]/api/data/v9.2/audits?$top=10&$orderby=createdon desc
The response will include details such as the _userid_value, the operation (1 for Create, 2 for Update, 3 for Delete), and the objectid of the record that was changed.
Querying with C# and the SDK
If you are writing a custom plugin or a console application, you can use the RetrieveRecordChangeHistoryRequest to get the history for a specific record.
using Microsoft.Crm.Sdk.Messages;
using Microsoft.Xrm.Sdk;
using Microsoft.Xrm.Sdk.Query;
public void GetAuditHistory(IOrganizationService service, Guid recordId)
{
var request = new RetrieveRecordChangeHistoryRequest
{
Target = new EntityReference("account", recordId)
};
var response = (RetrieveRecordChangeHistoryResponse)service.Execute(request);
AuditDetailCollection details = response.AuditDetailCollection;
foreach (var detail in details.AuditDetails)
{
if (detail is AttributeAuditDetail attributeDetail)
{
foreach (var attribute in attributeDetail.NewValue.Attributes)
{
string oldValue = attributeDetail.OldValue.Contains(attribute.Key)
? attributeDetail.OldValue[attribute.Key].ToString()
: "N/A";
Console.WriteLine($"Field: {attribute.Key}, New Value: {attribute.Value}, Old Value: {oldValue}");
}
}
}
}
This code snippet demonstrates how to extract the "before" and "after" values for a specific record. Note that the AuditDetail can be one of several types (AttributeAuditDetail, RelationshipAuditDetail, etc.), so you must cast it appropriately.
Best Practices for Auditing
Implementing auditing without a strategy can lead to performance degradation and storage bloat. Follow these industry best practices to maintain a healthy environment.
1. Audit Only What You Need
Avoid the temptation to "Select All" for every table. Focus on:
- Tables containing sensitive PII (Personally Identifiable Information).
- Financial or transactional records.
- Tables that trigger complex automated workflows (to help debug why a workflow ran).
- Security-related tables (User, Role, Team).
2. Monitor Log Capacity Regularly
Set a recurring calendar reminder to check your storage capacity in the Power Platform Admin Center. If you see Log Capacity growing at an unsustainable rate, re-evaluate which tables are being audited.
3. Establish a Clear Retention Policy
Work with your legal and compliance teams to determine the minimum required retention period. If you are legally required to keep logs for three years, set your retention policy to 1,100 days. Don't keep logs for ten years "just in case" if it isn't required.
4. Use the "User Access" Toggle Wisely
Tracking every time a user logs in can generate a massive amount of data in high-traffic environments. Only enable "Log user access" if you actually have a business requirement to track login frequency or if you are investigating a security breach.
5. Secure the Audit Logs
By default, only System Administrators have full access to audit logs. Keep it that way. Audit logs contain sensitive information, including old values of passwords or secrets if they were incorrectly stored in plain text fields. Use Security Roles to strictly control who can view the "Audit History" and "Audit Summary."
Common Pitfalls and How to Avoid Them
Even experienced administrators can run into trouble with Dataverse auditing. Here are the most common mistakes and how to navigate them.
Pitfall 1: Forgetting the Hierarchy
An admin enables auditing on the "Contact" table but doesn't see any logs. They spend hours troubleshooting the table settings, only to realize that "Start Auditing" was never turned on at the Environment level.
- Solution: Always verify the environment-level switch first.
Pitfall 2: Unexpected Storage Costs
A company enables auditing on a high-frequency telemetry table that receives thousands of updates per hour. Within a week, they have exhausted their log storage and are facing overage charges.
- Solution: Identify high-velocity tables and disable auditing for them unless absolutely necessary. If you must audit them, set a very short retention period (e.g., 30 days).
Pitfall 3: Assuming Audit Logs are Backups
An admin thinks that because they have audit logs, they don't need to worry about accidental deletions. They soon realize that while the audit log shows what was deleted, it doesn't provide a "Restore" button to perfectly recreate the record with all its relationships and metadata intact.
- Solution: Treat auditing as a forensic tool, not a backup tool. Use the Power Platform's built-in environment backups for disaster recovery.
Pitfall 4: Ignoring Metadata Changes
Administrators often focus solely on data changes and forget that metadata changes (changing a column's data type, deleting a field, etc.) can also be audited. While metadata auditing is separate from data auditing, it's equally important for change management.
- Solution: Enable metadata auditing in the system settings to track changes to the structure of your database.
Comparison: Audit Log Management Methods
| Feature | Manual Partition Deletion | Automated Retention Policy |
|---|---|---|
| Effort Required | High (Manual intervention) | Low (Set and forget) |
| Granularity | Deletes by quarterly blocks | Deletes by specific age (days) |
| Risk of Error | Moderate (Accidental deletion) | Low |
| Availability | Legacy Settings (Web Client) | Power Platform Admin Center |
| Best For | Immediate emergency cleanup | Ongoing maintenance |
Frequently Asked Questions
Q: Does auditing affect the performance of my Dataverse environment? A: There is a negligible performance impact on standard operations. Dataverse handles auditing asynchronously, meaning the user doesn't have to wait for the audit log to be written before their change is saved. However, in extremely high-volume scenarios, the overhead can become measurable.
Q: Can I audit who viewed a record if I don't have the expensive Read Auditing license?
A: Not natively. Without the specific licensing for Read Auditing, Dataverse only tracks "Write" operations (Create, Update, Delete). You would need to build a custom solution (like a JavaScript web resource that logs an entry on the OnLoad event) which is not recommended due to complexity and performance costs.
Q: If I delete an audit log to save space, can I get it back? A: No. Once an audit partition or log entry is deleted, it is permanently removed from the system. If you need to keep logs for legal reasons but want to save space in Dataverse, you should export the logs to Azure Data Lake or a SQL database before deleting them from the Power Platform.
Q: Can I see what a record looked like two years ago? A: Yes, provided that auditing was enabled for that table two years ago and your retention policy has not deleted those logs. You would simply navigate to the record's Audit History and scroll back to the desired date.
Summary and Key Takeaways
Managing auditing settings is a balancing act between visibility and resource management. By understanding the hierarchical nature of these settings and leveraging the modern retention policies provided by Microsoft, you can create a transparent, secure environment that meets both user needs and compliance requirements.
Key Takeaways:
- Auditing is Hierarchical: You must enable it at the Environment level, then the Table level, and optionally refine it at the Column level.
- Storage Matters: Audit logs consume "Log Capacity." Monitor this regularly in the Power Platform Admin Center to avoid storage overages.
- Use Retention Policies: Move away from manual partition management and use automated retention policies (e.g., 365 days) to keep your environment clean.
- User Access Logging: This is a separate toggle. Use it to track logins, but be aware it can generate a lot of data.
- Forensics, not Backups: Audit logs show history and "before/after" values, but they are not a substitute for a robust environment backup strategy.
- Access Control: Limit access to audit logs via Security Roles, as they can contain sensitive historical data.
- Programmatic Power: Use the Web API or SDK to export audit data if you need to perform advanced analytics or long-term archiving outside of Dataverse.
By mastering these auditing configurations, you ensure that your Dataverse environment remains a "source of truth" where every action is accounted for and every change is transparent. This builds trust with stakeholders and provides the necessary safety net for complex enterprise operations.
Enjoying the courses?
Everything stays free. Pro shows fewer ads, doubles your daily points limit so you progress twice as fast, and lets you read each lesson on one page.
- ✓ Fewer advertisements
- ✓ 2× daily points limit
- ✓ Distraction-free lessons