Vinod Thomas

Currently, the audit logs provided through the Microsoft Purview Portal for Dynamics 365 CRM only record the fact that a user accessed an entity, but do not capture or expose the specific Entity ID (Record ID) of the record that was viewed.

This is a significant limitation for organisations needing to maintain a strong security posture. In the event of a suspected data breach, it is currently impossible to reconstruct exactly which CRM records were accessed by a user based on standard Purview audit data. This weakens incident response capabilities and limits compliance with data protection regulations such as GDPR, HIPAA, and others, where organisations are expected to provide detailed information on data access.

Proposed Feature:

Enhance CRM audit logging in Purview to include the Entity ID (record GUID) for all access events (Read/View). This data should be available both in the Purview Portal investigation and reporting.

Business Impact:

• Improves ability to monitor and investigate unauthorised access events
• Enables full auditability and traceability of CRM data
• Helps organisations meet regulatory and compliance obligations
• Reduces security risk and strengthens trust in the Dynamics platform

Example Scenario:

If a CRM user views a sensitive customer record (e.g., a lead or a case), the audit log should record not just that the entity type "Lead" or "Case" was accessed, but also the specific Entity ID (e.g., caseid=ABC12345-6789-4DEF-0123-456789ABCDEF).

This would allow organisations to identify precisely which customer's data was viewed, enabling accurate breach reporting and remediation.