Microsoft Dynamics 365 — Extraction Guide

Data Extraction Guide
for Microsoft Dynamics 365

Step-by-step instructions for your IT team to extract the required data files from Dynamics 365, Power Platform, and Microsoft Entra ID for the AuditCore security and controls assessment.

24 Data Files | 8 Domains | 44+ Checks | ~45 min Est. Time
0 Before You Begin
Automated extraction recommended. AuditCore provides a PowerShell script (Extract-AuditCoreD365.ps1) that extracts all 24 files automatically. If your security team permits it, this is the fastest path — see Section 2. Manual export instructions are in Section 3 for environments where scripts are restricted.
Read-only, no changes to your system. All extractions are SELECT / GET operations. AuditCore never writes to Dynamics 365, Entra ID, or Power Platform. The service account or app registration used for extraction should be locked after the assessment is complete.
| Component | Required Permission | Notes |
|---|---|---|
| Dynamics 365 (Dataverse/CRM) | System Administrator security role | Required for audit log, field security, sharing records |
| Microsoft Entra ID (Azure AD) | Global Reader or Security Reader | Required for MFA status, conditional access, licensed users |
| Power Platform (Admin Center) | Power Platform Administrator | Required for DLP policies, environment settings, flows |
| Microsoft Graph API (App registration) | User.Read.All, UserAuthenticationMethod.Read.All, Policy.Read.All, AuditLog.Read.All | Optional — for unattended/script extraction |
1 Required Files (24 total)

All files are CSV format. The PowerShell script produces these exact filenames. If extracting manually, name your files exactly as shown.

Identity & Access
user_accounts.csv Identity

User Accounts

All Dynamics 365 users: enabled/disabled status, user type (Internal/Guest/Service), license type, last login, created date, business unit

role_assignments.csv Identity

Security Role Assignments

All user ↔ security role mappings: user principal name, role name, role ID, business unit, disabled flag

team_memberships.csv Identity

Team Memberships

D365 team → user assignments: team ID, team name, user ID, user principal name

mfa_status.csv Identity

MFA Registration Status

Entra ID MFA registration per user: isMfaRegistered, isMfaCapable, default MFA method, account enabled

conditional_access.csv Identity

Conditional Access Policies

Entra ID CA policies: policy name, state (enabled/disabled), included applications, grant controls (MFA, compliant device)

licensed_users.csv Identity

Licensed Users

M365 / Dynamics 365 license assignments per user: account enabled, D365 license flag, SKU part number

Field Security
field_security_profiles.csv Field Security

Field Security Profiles

Column-level access profiles: profile name, field name, AllowRead, AllowUpdate, AllowCreate permissions

hierarchy_security.csv Field Security

Hierarchy Security Config

Manager hierarchy security settings: enabled flag, type (Manager/Position), depth (number of levels)

sharing_records.csv Field Security

Record Sharing (POA)

Principal Object Access grants: who has been individually shared a record and what rights (Read/Write/Delete/Append)

Audit & Compliance
audit_log_settings.csv Audit

Audit Log Settings

Per-entity audit enable/disable configuration, global audit switch status, retention period in days

audit_log_entries.csv Audit

Audit Log Entries (sample)

Sample of recent D365 audit log records: operation, entity, user, timestamp, action type

Platform Security
environment_settings.csv Platform

Environment Settings

Power Platform environment configuration: type (Production/Sandbox/Trial), region, sharing settings, backup status

solution_components.csv Platform

Solution Components

Installed solutions: name, managed/unmanaged flag, publisher prefix, environment, version

data_loss_prevention.csv Platform

DLP Policies

Data Loss Prevention policy definitions: connector name, classification (Business/Non-Business/Blocked), environment scope

Integration Security
api_connections.csv Integration

API / OAuth Connections

Power Platform connections to external services: connector name, owner, status, last modified date

connection_references.csv Integration

Connection References

Solution-level connection references: reference name, connector ID, assigned connection ID (blank = orphaned)

flow_permissions.csv Integration

Power Automate Flow Permissions

Flow ownership and sharing: flow name, shared with (user/group/Everyone), permission level (Owner/Run)

plugin_assemblies.csv Integration

Plugin Assemblies

Registered Dataverse plugins: assembly name, version, isolation mode (Sandbox/None), signed flag

Financial Controls
financial_periods.csv Financial

Financial Periods / Ledger

Fiscal calendar periods with open/closed status, start/end dates, period type and quarter

journal_entries.csv Financial

Journal Entries

Manual journal entries (last 90 days): journal number, amount, date, created by, approval status

vendor_master.csv Financial

Vendor Master Data

Vendor accounts: vendor name, account number, status (Active/Inactive), bank account, email

payment_journal.csv Financial

Payment Journal

Payment records (last 90 days): payment ID, amount, date, vendor, currency, status

budget_control.csv Financial

Budget Control Settings

Budget control configuration: status (Active/Inactive/Draft), control mode (Warning/Error), budget models

Org Controls
business_units.csv Org

Business Units

Business unit hierarchy: BU ID, name, parent BU ID, is root, disabled flag, user count, manager ID

2 Automated Extraction (Recommended)
Fastest path. The Extract-AuditCoreD365.ps1 script extracts all 24 files in approximately 10–20 minutes and saves them to C:\AuditCore\D365\. Requires PowerShell 7+ and the Microsoft.PowerApps.Administration.PowerShell module.

Step-by-step

  1. Download Extract-AuditCoreD365.ps1 from your AuditCore welcome email or ask your assessment team for the script.
  2. Open PowerShell 7 as Administrator and install the required module:

    # Install once — takes 2-3 minutes
    Install-Module Microsoft.PowerApps.Administration.PowerShell -Scope CurrentUser -Force

  3. Run the script with your D365 URL:

    # Interactive login (prompts for credentials)
    .\Extract-AuditCoreD365.ps1 -OrgUrl "https://yourorg.crm.dynamics.com"

    # Unattended with app registration (recommended for production)
    .\Extract-AuditCoreD365.ps1 -OrgUrl "https://yourorg.crm.dynamics.com" `
        -TenantId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" `
        -ClientId "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" `
        -ClientSecret "your-client-secret"

  4. When complete, all 24 CSV files will be in C:\AuditCore\D365\. The script will print a summary of each file size.
  5. Go to AuditCore → New Audit → Microsoft Dynamics 365 → Bulk Upload tab, and drop the entire C:\AuditCore\D365\ folder.
App registration for unattended extraction. For production environments, create a dedicated app registration in Entra ID Admin Center → App registrations. Grant Application (not Delegated) permissions: User.Read.All, UserAuthenticationMethod.Read.All, Policy.Read.All, AuditLog.Read.All, Directory.Read.All. Also add the app as a D365 Application User with the System Administrator role.
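Before an unattended run, the app-only Graph token can be checked against the permission list above. This is an added example, not part of the AuditCore script: it decodes the token's `roles` claim and reports permissions that are missing (the usual cause of a 403 from Graph) and any that go beyond what this guide asks for. The function names and the sample token are constructed for illustration.

```powershell
# Added example, not AuditCore code. Permission list copied from the paragraph above.
$Required = 'User.Read.All', 'UserAuthenticationMethod.Read.All',
            'Policy.Read.All', 'AuditLog.Read.All', 'Directory.Read.All'

function Get-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    # The payload is the second dot-separated segment, base64url without padding.
    # Decoding only: the signature is not verified, which is fine for your own token.
    $b64 = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Compare-GraphRoles {
    param([Parameter(Mandatory)][string]$Token)
    # App-only tokens carry the consented application permissions in "roles".
    $granted = @((Get-JwtPayload -Token $Token).roles | Where-Object { $_ })
    [pscustomobject]@{
        Missing = @($Required | Where-Object { $granted -notcontains $_ })  # expect 403s
        Extra   = @($granted  | Where-Object { $Required -notcontains $_ }) # not needed here
        Write   = @($granted  | Where-Object { $_ -match 'Write' })         # extraction is read-only
    }
}

# Constructed, unsigned sample token so the check runs offline.
$claims = '{"roles":["User.Read.All","Policy.Read.All","Directory.ReadWrite.All"]}'
$seg = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($claims)).
           TrimEnd('=').Replace('+', '-').Replace('/', '_')
Compare-GraphRoles -Token "e30.${seg}.sig" | Format-List

# Real token (client-credentials flow). Read-Host -AsSecureString keeps the
# secret off the command line and out of PSReadLine history:
# $secret = Read-Host 'Client secret' -AsSecureString
# $body = @{ grant_type    = 'client_credentials'
#            client_id     = $ClientId
#            scope         = 'https://graph.microsoft.com/.default'
#            client_secret = ConvertFrom-SecureString $secret -AsPlainText }
# $uri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
# Compare-GraphRoles -Token (Invoke-RestMethod -Method Post -Uri $uri -Body $body).access_token
```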
3 Manual Extraction (Admin Center)

If the PowerShell script is not permitted, use these manual export paths. Where native CSV export is not available, use Advanced Find → Export to Excel.

| File | Export Path | Notes |
|---|---|---|
| user_accounts.csv | Power Platform Admin Center → Environments → Settings → Users + Permissions → Users → Export Users | Includes all enabled and disabled users |
| role_assignments.csv | D365 → Settings → Security → Users → select all → Manage Roles (view only); or Advanced Find on SystemUserRoles entity | Requires Advanced Find for bulk export |
| mfa_status.csv | Entra ID Admin Center → Protection → Authentication methods → User registration details → Download | Requires Security Reader minimum |
| conditional_access.csv | Entra ID Admin Center → Protection → Conditional Access → Policies → Export (JSON then convert) | JSON export available; convert to CSV using script |
| audit_log_settings.csv | D365 → Settings → Administration → System Settings → Auditing tab; also Settings → Auditing → Audit Log Management | Screenshot or manual entry into template |
| audit_log_entries.csv | D365 → Settings → Auditing → Audit Log → Advanced Find → export last 90 days | Limit to 5,000 rows |
| environment_settings.csv | Power Platform Admin Center → Environments → (select env) → Settings → export visible settings | Manual transcription into template CSV |
| data_loss_prevention.csv | Power Platform Admin Center → Policies → Data policies → view each policy's connector list | No native CSV export; PowerShell preferred |
| vendor_master.csv | D365 Finance: Accounts Payable → Vendors → All vendors → Export to Excel | Requires D365 Finance or F&O module |
| journal_entries.csv | D365 Finance: General ledger → Journal entries → General journals → filter last 90 days → Export to Excel | Requires D365 Finance or F&O module |
| business_units.csv | D365 → Settings → Security → Business Units → Advanced Find on BusinessUnit entity → Export | Include parent BU ID column |
| plugin_assemblies.csv | D365 → Settings → Customisations → Plug-in Assemblies → view list → manual export | PowerShell preferred for isolation mode data |
CSV column templates. Download blank CSV templates with the exact expected column headers from the AuditCore dashboard → Resources → D365 Templates, or request them from support@vergent.co.ke.
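For the conditional_access.csv row above, one way to do the JSON-to-CSV conversion is sketched below. This is an added example, not an AuditCore script: the column names are assumptions (take the real headers from the template), the function name is hypothetical, and the sample policies are constructed in the Microsoft Graph conditionalAccessPolicy shape.

```powershell
# Added example, not AuditCore code. Column names are assumptions; replace them
# with the headers from the AuditCore template.
function ConvertTo-ConditionalAccessRow {
    param([Parameter(Mandatory, ValueFromPipeline)] $Policy)
    process {
        # grantControls is null on policies that only set session controls.
        $controls = @($Policy.grantControls.builtInControls | Where-Object { $_ })
        [pscustomobject]@{
            PolicyName              = $Policy.displayName
            State                   = $Policy.state
            # Report-only policies are evaluated and logged but not enforced.
            Enforced                = $Policy.state -eq 'enabled'
            IncludedApplications    = @($Policy.conditions.applications.includeApplications) -join ';'
            GrantOperator           = $Policy.grantControls.operator
            GrantControls           = $controls -join ';'
            RequiresMfa             = $controls -contains 'mfa'
            RequiresCompliantDevice = $controls -contains 'compliantDevice'
        }
    }
}

# Constructed sample input (placeholder GUID, not a real application ID).
$sample = @'
[
  {"displayName":"Require MFA for all apps","state":"enabled",
   "conditions":{"applications":{"includeApplications":["All"]}},
   "grantControls":{"operator":"OR","builtInControls":["mfa"]}},
  {"displayName":"Compliant device for D365","state":"enabledForReportingButNotEnforced",
   "conditions":{"applications":{"includeApplications":["00000000-0000-0000-0000-000000000000"]}},
   "grantControls":{"operator":"AND","builtInControls":["mfa","compliantDevice"]}},
  {"displayName":"Session limits only","state":"disabled",
   "conditions":{"applications":{"includeApplications":["Office365"]}},
   "grantControls":null}
]
'@

$rows = $sample | ConvertFrom-Json | ConvertTo-ConditionalAccessRow
$rows | Export-Csv -Path .\conditional_access.csv -NoTypeInformation -Encoding utf8
$rows | Format-Table PolicyName, State, Enforced, RequiresMfa, RequiresCompliantDevice

# For exported JSON files in a folder (hypothetical path):
# Get-ChildItem .\ca-export\*.json |
#     ForEach-Object { Get-Content -LiteralPath $_.FullName -Raw | ConvertFrom-Json } |
#     ConvertTo-ConditionalAccessRow |
#     Export-Csv .\conditional_access.csv -NoTypeInformation -Encoding utf8
```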
4 Uploading to AuditCore
  1. Log in to AuditCore and click New Audit from the dashboard.
  2. Enter an Audit Name (e.g. "Contoso D365 — Q1 2026 Assessment") and select platform Microsoft Dynamics 365.
  3. On the File Upload step, switch to the Bulk Upload tab.
  4. Drag and drop the entire C:\AuditCore\D365\ folder (or select all 24 CSV files). AuditCore will automatically match files by filename.
  5. Verify the Match Summary shows 24 matched files (green), then click Run Assessment.
  6. The assessment runs in under 2 minutes. Results appear immediately in the Audit Report with all findings, remediation guidance, and export options.
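Because matching is by filename, the folder can be checked locally before the upload. The following is an added example, not part of the AuditCore tooling: it compares the folder against the 24 filenames listed in Section 1, flags files with no data rows, and records a SHA-256 hash per file so the uploaded set can be tied back to the extraction. The function name is hypothetical.

```powershell
# Added example, not AuditCore code. Filenames are the 24 listed in Section 1.
$ExpectedFiles = @(
    'user_accounts.csv', 'role_assignments.csv', 'team_memberships.csv',
    'mfa_status.csv', 'conditional_access.csv', 'licensed_users.csv',
    'field_security_profiles.csv', 'hierarchy_security.csv', 'sharing_records.csv',
    'audit_log_settings.csv', 'audit_log_entries.csv',
    'environment_settings.csv', 'solution_components.csv', 'data_loss_prevention.csv',
    'api_connections.csv', 'connection_references.csv', 'flow_permissions.csv',
    'plugin_assemblies.csv', 'financial_periods.csv', 'journal_entries.csv',
    'vendor_master.csv', 'payment_journal.csv', 'budget_control.csv',
    'business_units.csv'
)

function Test-ExtractionFolder {
    param([string]$Path = 'C:\AuditCore\D365')
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Extraction folder not found: $Path"
    }
    $present = @(Get-ChildItem -LiteralPath $Path -File)
    $names   = @($present | ForEach-Object Name)

    # Case-sensitive comparison, since the guide asks for exact filenames.
    $missing    = @($ExpectedFiles | Where-Object { $names -cnotcontains $_ })
    $unexpected = @($names | Where-Object { $ExpectedFiles -cnotcontains $_ })

    $files = foreach ($f in $present | Where-Object { $ExpectedFiles -ccontains $_.Name }) {
        # A header row alone means no data. That is expected for some files,
        # e.g. plugin_assemblies.csv in an environment without custom plugins.
        $lineCount = @(Get-Content -LiteralPath $f.FullName -TotalCount 2).Count
        [pscustomobject]@{
            File    = $f.Name
            Bytes   = $f.Length
            HasData = $lineCount -ge 2
            SHA256  = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        }
    }
    [pscustomobject]@{ Missing = $missing; Unexpected = $unexpected; Files = @($files) }
}

$result = Test-ExtractionFolder
$result.Files | Format-Table -AutoSize
if ($result.Missing)    { Write-Warning "Missing: $($result.Missing -join ', ')" }
if ($result.Unexpected) { Write-Warning "Not in the 24-file set: $($result.Unexpected -join ', ')" }
```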
5 Troubleshooting
| Issue | Likely Cause | Resolution |
|---|---|---|
| "403 Forbidden" on Graph calls | Missing API permission or admin consent not granted | In Entra ID → App registrations → API permissions → Grant admin consent for tenant |
| "You are not licensed to use this feature" (MFA report) | Entra ID P1/P2 required for credential registration details | Use -SkipGraph flag and export MFA report manually from Entra ID portal |
| PowerShell module install fails | TLS 1.2 not default, NuGet provider missing | Run: [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Then: Install-PackageProvider NuGet -Force |
| Empty journal_entries.csv | Dynamics 365 CE/CRM (not Finance & Operations) | journal_entries requires D365 F&O. For CE-only deployments, supply a blank template and skip financial period checks. |
| Dataverse token returns 401 | App registration not added as Application User in D365 | In D365 Settings → Security → Users → switch to Application Users view → New → add the app registration. Assign System Administrator role. |
| Script runs but plugin_assemblies.csv is empty | No custom plugins registered, or permission denied | Normal for clean environments. If custom code is expected, verify the app user has read access to pluginassemblies entity. |
| DLP policy file shows "module not available" | Microsoft.PowerApps.Administration.PowerShell not installed or auth failed | Run: Install-Module Microsoft.PowerApps.Administration.PowerShell -Force Then Add-PowerAppsAccount to test authentication separately. |