The Microsoft Sentinel solution for Dynamics 365 CE apps provides you with ability to collect Dynamics 365 CE Apps logs, gain visibility of activities and analyze them to detect threats and malicious activities.

Data connector*:

• The Dynamics 365 data connector provides insight into Dataverse audits and activities (CRUD - Create, Read, Update, Delete). By connecting Dynamics 365 CE apps logs into Microsoft Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.

Analytic rules detecting:

• Audit logs data and settings manipulation detection
• Detection of monitored Security and user configuration changes
• Suspicious logins and sign-ins to Dynamics 365
• Detection of new permissions granted to an application identity
• Mass export of Dynamics 365 records to Excel
• Mass deletion of Dynamics 365 records
• Bulk retrieval of data outside of normal activity hours
• Suspicious changes to Dynamics 365 encryption settings
• New user agents accessing Dynamics 365

Workbook dashboard providing visibility into:

• Record retrieval events
• Record deletion events
• Record export events
• Email events
• Other events

Threat hunting queries providing insights into: