Data Extraction Guide
for Microsoft Dynamics 365
Step-by-step instructions for your IT team to extract the required data files from Dynamics 365, Power Platform, and Microsoft Entra ID for the V/ergent security and controls assessment. Includes Release 5 programme packs: 25 AML / Wolfsberg controls + 50 cross-system SoD rules + (SAP-only) 30 SAP-GRC-parity fraud patterns.
Recommended extraction path
Use the V/ergent extractor first. It writes CSVs to a timestamped folder under C:\Vergent\Export, then you upload that folder into the audit project.
Manual path if automated extraction is blocked
Use the required-file list below as the manual checklist. Keep filenames unchanged, leave unavailable files empty with only headers, and record any missing source in the upload notes before running the audit.
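A pre-upload check for the export folder, as an added example (not part of the V/ergent extractor or this guide's own tooling): it lists every CSV in a folder, flags files that contain only a header row, and drafts the upload notes the manual path asks for. The function name, the sample file names and the column headers are placeholders; only the 24-file count and the header-only convention come from this guide.

```powershell
# Added example: pre-upload check of an export folder (not vendor code).
# Classifies each CSV as populated or header-only and drafts the upload notes.
function Test-ExportFolder {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int] $ExpectedCount = 24   # "all 24 files" per this guide
    )
    $files = @(Get-ChildItem -LiteralPath $Path -Filter *.csv -File)
    $report = foreach ($f in $files) {
        # Non-blank lines: 1 = header only, 0 = not even a header
        $lines = @(Get-Content -LiteralPath $f.FullName | Where-Object { $_.Trim() })
        [pscustomobject]@{
            File      = $f.Name
            DataLines = [Math]::Max($lines.Count - 1, 0)
            Status    = switch ($lines.Count) {
                0       { 'NO-HEADER' }
                1       { 'HEADER-ONLY' }
                default { 'POPULATED' }
            }
        }
    }
    # Every file without data needs an entry in the upload notes
    $notes = @($report | Where-Object Status -ne 'POPULATED' |
        ForEach-Object { "$($_.File): $($_.Status) - source unavailable, reason: <fill in>" })
    if ($files.Count -ne $ExpectedCount) {
        $notes += "File count is $($files.Count), expected $ExpectedCount"
    }
    [pscustomobject]@{ Report = @($report); UploadNotes = $notes }
}

# Constructed sample: a temp folder standing in for a timestamped export folder.
# File names and column headers below are placeholders, not the guide's real names.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("export-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
Set-Content (Join-Path $demo 'placeholder_users.csv') "UserPrincipalName,Enabled`nalice@example.test,True"
Set-Content (Join-Path $demo 'placeholder_dlp_policies.csv') "ConnectorName,Classification"
Set-Content (Join-Path $demo 'placeholder_plugins.csv') ""

$result = Test-ExportFolder -Path $demo
$result.Report | Format-Table -AutoSize
$result.UploadNotes
Remove-Item -LiteralPath $demo -Recurse -Force
```

On a real export, point `-Path` at the timestamped folder under C:\Vergent\Export and paste the `UploadNotes` lines into the upload notes after filling in each reason.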
Extract-VergentD365.ps1) that extracts all 24 files automatically. If your
security team permits it, this is the fastest path — see Section 2. Manual export instructions
are in Section 3 for environments where scripts are restricted.
| Component | Required Permission | Notes |
|---|---|---|
| Dynamics 365 (Dataverse/CRM) | System Administrator security role | Required for audit log, field security, sharing records |
| Microsoft Entra ID (Azure AD) | Global Reader or Security Reader | Required for MFA status, conditional access, licensed users |
| Power Platform (Admin Center) | Power Platform Administrator | Required for DLP policies, environment settings, flows |
| Microsoft Graph API (App registration) | User.Read.All, UserAuthenticationMethod.Read.All, Policy.Read.All, AuditLog.Read.All | Optional — for unattended/script extraction |
All files are CSV format. The PowerShell script produces these exact filenames. If extracting manually, name your files exactly as shown.
User Accounts
All Dynamics 365 users: enabled/disabled status, user type (Internal/Guest/Service), license type, last login, created date, business unit
Security Role Assignments
All user ↔ security role mappings: user principal name, role name, role ID, business unit, disabled flag
Team Memberships
D365 team → user assignments: team ID, team name, user ID, user principal name
MFA Registration Status
Entra ID MFA registration per user: isMfaRegistered, isMfaCapable, default MFA method, account enabled
Conditional Access Policies
Entra ID CA policies: policy name, state (enabled/disabled), included applications, grant controls (MFA, compliant device)
Licensed Users
M365 / Dynamics 365 license assignments per user: account enabled, D365 license flag, SKU part number
Field Security Profiles
Column-level access profiles: profile name, field name, AllowRead, AllowUpdate, AllowCreate permissions
Hierarchy Security Config
Manager hierarchy security settings: enabled flag, type (Manager/Position), depth (number of levels)
Record Sharing (POA)
Principal Object Access grants: who has been individually shared a record and what rights (Read/Write/Delete/Append)
Audit Log Settings
Per-entity audit enable/disable configuration, global audit switch status, retention period in days
Audit Log Entries (sample)
Sample of recent D365 audit log records: operation, entity, user, timestamp, action type
Environment Settings
Power Platform environment configuration: type (Production/Sandbox/Trial), region, sharing settings, backup status
Solution Components
Installed solutions: name, managed/unmanaged flag, publisher prefix, environment, version
DLP Policies
Data Loss Prevention policy definitions: connector name, classification (Business/Non-Business/Blocked), environment scope
API / OAuth Connections
Power Platform connections to external services: connector name, owner, status, last modified date
Connection References
Solution-level connection references: reference name, connector ID, assigned connection ID (blank = orphaned)
Power Automate Flow Permissions
Flow ownership and sharing: flow name, shared with (user/group/Everyone), permission level (Owner/Run)
Plugin Assemblies
Registered Dataverse plugins: assembly name, version, isolation mode (Sandbox/None), signed flag
Financial Periods / Ledger
Fiscal calendar periods with open/closed status, start/end dates, period type and quarter
Journal Entries
Manual journal entries (last 90 days): journal number, amount, date, created by, approval status
Vendor Master Data
Vendor accounts: vendor name, account number, status (Active/Inactive), bank account, email
Payment Journal
Payment records (last 90 days): payment ID, amount, date, vendor, currency, status
Budget Control Settings
Budget control configuration: status (Active/Inactive/Draft), control mode (Warning/Error), budget models
Business Units
Business unit hierarchy: BU ID, name, parent BU ID, is root, disabled flag, user count, manager ID
Native coverage: 15 SoD rules in the D365_CONFLICT_MATRIX.
Plus the three Release 5 programme packs that run alongside this platform's audit:
- AML / Wolfsberg Programme Controls — 25 controls spanning sanctions-list cadence, PEP / KYC review, CTR / SAR filing, structuring detection, transaction-monitoring tuning. Wired into all 7 ERP connectors (skips on cloud-only audits).
- Cross-System SoD — 50 multi-ERP conflict patterns spanning SAP × Oracle × D365 × NetSuite × Sage × AWS × Azure. Detects fraud paths a single-system review will never see.
- SAP Fraud Patterns — 30 SAP-GRC-parity patterns (STAD audit-log delete, debugger replace in PROD, Z* shadow SAP_ALL, dormant SAP_ALL, posting-period unlock + GL post, etc.).
Every finding carries citations across 13 frameworks (COSO 2013, COBIT 2019, NIST CSF 2.0, ISO 27001:2022, CIS v8, SOX ITGC, SOC 2 TSC, PCI DSS v4, HIPAA, DORA, NIS2, GDPR, Kenya DPA) — 11 of 13 at ≥75% mapped coverage. See the Check Packs page for per-pack framework coverage badges.