About Thailand’s Computer-related Crime Act 2017, according to section 26: computer traffic data needs to be retained at least 90 days from the date on which the data is entered into a computer system.
I suggest having an environment monitoring that can export activity logs that retains data for at least 90 days.
From support ticket to MS, there are options to capture activity logs:
- LCS environment monitoring: This option only retains data for 30 days, which falls short of the required 90-day retention period.
Monitoring and diagnostics tools in Lifecycle Services (LCS) - Finance & Operations | Dynamics 365 | Microsoft Learn
- User log in D365: This option captures basic logon and online time, but it lacks detail on specific user activities within the system.
- Database log: Have to enable for specific tables/fields (not applicable for general auditing, also overuse can impact performance).
The workaround suggested as periodic export User Activity report, but client must export report when audit request and seems impossible to export one by one user activity every month.
Comments
Kindly see the Thailand’s Computer-related Crime Act 2017: https://thainetizen.org/docs/cybercrime-act-2017/
Category: Lifecycle Services