You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/dynamics-365/deploy-dynamics-365-finance-operations-solution.md
+20-24Lines changed: 20 additions & 24 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,10 +1,10 @@
1
1
---
2
2
title: Deploy Microsoft Sentinel solution for Dynamics 365 Finance and Operations
3
3
description: This article introduces you to the process of deploying the Microsoft Sentinel Solution for Dynamics 365 Finance and Operations
4
-
author: limwainstein
5
-
ms.author: lwainstein
4
+
author: batamig
5
+
ms.author: bagol
6
6
ms.topic: how-to
7
-
ms.date: 05/14/2023
7
+
ms.date: 02/12/2024
8
8
---
9
9
10
10
# Deploy Microsoft Sentinel solution for Dynamics 365 Finance and Operations
@@ -23,7 +23,7 @@ Before you begin, verify that:
23
23
- You have a defined Microsoft Sentinel workspace and have read and write permissions to the workspace.
24
24
-[Microsoft Dynamics 365 Finance version 10.0.33 or above](/dynamics365/finance/get-started/whats-new-changed-changed-10-0-33) is enabled and you have administrative access to the monitored environments.
25
25
- You can create an [Azure Function App](../../azure-functions/functions-overview.md) with the `Microsoft.Web/Sites`, `Microsoft.Web/ServerFarms`, `Microsoft.Insights/Components`, and `Microsoft.Storage/StorageAccounts` permissions.
26
-
- You can create [Data Collection Rules/Endpoints](../../azure-monitor/essentials/data-collection-rule-overview.md) with the permissions:
26
+
- You can create [Data Collection Rules/Endpoints](../../azure-monitor/essentials/data-collection-rule-overview.md) with the permissions:
27
27
-`Microsoft.Insights/DataCollectionEndpoints`, and `Microsoft.Insights/DataCollectionRules`.
28
28
- Assign the Monitoring Metrics Publisher role to the Azure Function.
29
29
@@ -75,7 +75,7 @@ In the connector page, make sure that you meet the required prerequisites and co
75
75
76
76
To enable data collection, you create a new role in Finance and Operations with permissions to view the Database Log entity. The role is then assigned to a dedicated Finance and Operations user, mapped to the Microsoft Entra client ID of the Function App's system assigned managed identity.
77
77
78
-
To collect the managed identity application ID from Microsoft Entra ID:
78
+
To collect the managed identity application ID from Microsoft Entra ID:
79
79
80
80
1. Sign in to the [Azure portal](https://portal.azure.com).
81
81
1. Browse to **Microsoft Entra ID** > **Enterprise applications**.
@@ -104,42 +104,38 @@ To collect the managed identity application ID from Microsoft Entra ID:
104
104
105
105
1. In the Finance and Operations portal, navigate to **System administration > Setup > Microsoft Entra ID** applications.
106
106
107
-
1. Create a new entry in the table:
107
+
1. Create a new entry in the table:
108
108
- For the **Client Id**, type the application ID of the managed identity.
109
109
- For the **Name**, type a name for the application.
110
110
- For the **User ID**, type the user ID created in the [previous step](#create-a-user-for-data-collection-in-finance-and-operations).
111
111
112
-
### Enable auditing on the relevant Dynamics 365 Finance and Operations data tables
112
+
### Enable auditing on the relevant Dynamics 365 Finance and Operations data tables
113
113
114
114
> [!NOTE]
115
115
> Before you enable auditing on Dynamics 365 F&O, review the [database logging recommended practices](/dynamics365/fin-ops-core/dev-itpro/sysadmin/configure-manage-database-log#database-logging-and-performance).
116
116
117
-
The analytics rules currently provided with this solution monitor and detect threats based on logs sourced from these tables:
117
+
The analytics rules provided with this solution monitor and detect threats based on logs generated in the System Database Log.
118
118
119
-
- All tables under **System**
120
-
- The **Bank accounts** table under **Bank**
119
+
If you're planning to use the analytics rules provided in this solution, enable auditing for the following tables:
121
120
122
-
If you're planning to use the analytics rules provided in this solution, enable auditing for the **System** and **Bank accounts** tables.
121
+
|Category |Table |
122
+
|---------|---------|
123
+
|System |`UserInfo`|
124
+
|Bank |`BankAccountTable`|
125
+
|Not specified |`SysAADClientTable`|
123
126
124
-
This screenshot shows the **System** and **Bank accounts** tables under **logging database changes**.
127
+
Enable auditing on tables using the **Database log setup** wizard in the Finance and Operations portal.
125
128
126
-
:::image type="content" source="media/deploy-dynamics-365-finance-operations-solution/finance-and-operations-logging-database-tables-new.png" alt-text="Screenshot of the selected Finance and Operations database tables to enable auditing.":::
129
+
- In the **Tables and fields** page, you might want to select the **Show table names** checkbox to make it easier to find your tables.
130
+
- To enable auditing of all fields in the selected tables, in the **Types of change** page, select all four check boxes for any relevant table names with empty field labels. Sort the table list by the **Field label** column in ascending order (A-Z).
131
+
- Select **Yes** for all warning messages.
127
132
128
-
To enable auditing on Finance and Operations tables you want to monitor:
133
+
For more information, see [Set up database logging](/dynamics365/fin-ops-core/dev-itpro/sysadmin/configure-manage-database-log#set-up-database-logging).
129
134
130
-
1. In the Finance and Operations portal, Select **Modules > System Administration > Database log > Database log setup**.
131
-
1. Select **New** > **Next**, and select the tables you want to monitor.
132
-
1. Select **Next**.
133
-
1. To enable auditing on all fields of the selected tables, mark all four check marks to the right of the table names with empty field labels. To see the tables with empty field labels at the top, sort the table list by the field table in ascending order (A to Z):
134
-
135
-
:::image type="content" source="media/deploy-dynamics-365-finance-operations-solution/finance-and-operations-logging-database-changes-new.png" alt-text="Screenshot of configuring the selected Finance and Operations database tables.":::
136
-
137
-
1. Select **Next** and then **Finish**.
138
-
1. Select **Yes** in all warning messages.
139
135
140
136
### Verify that the data connector is ingesting logs to Microsoft Sentinel
141
137
142
-
To verify that log ingestion is working:
138
+
To verify that log ingestion is working:
143
139
144
140
1. Run activities (create, update, delete) on any of the tables you enabled for monitoring in the [previous step](#enable-auditing-on-the-relevant-dynamics-365-finance-and-operations-data-tables).
145
141
1. Wait up to 15 minutes for Microsoft Sentinel to ingest the logs to the logs table in the workspace.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments