Azure Monitor to Track D365FO
admin@umeshpandit.com Post in Dynamics 365

Why You Should Use Azure Monitor to Track D365FO Login Events

When I first started working with Dynamics 365 Finance & Operations (D365FO), one of the biggest challenges I faced was understanding who was logging in, when, and from where. It seemed like such basic information, yet there wasn’t a clear way to track it within the system itself. Over time, I discovered that Azure Monitor could bridge this gap. If you’ve ever felt the same way—like you’re operating in the dark when it comes to user activity—this article is for you.

In this post, I’ll explain why tracking login events in D365FO matters, how Azure Monitor helps, and what you’ll need to get started. If you’re new to this, don’t worry. I’ll keep it simple and easy to follow. And if you’re ready to go deeper, I’ll share a full setup guide in the next blog.

What You Can Learn from D365FO Login Activity

Tracking login events helps you answer key questions like:

  • Who accessed the system today?
  • Did someone try to log in after hours?
  • Are there repeated failed login attempts?

D365FO captures useful data such as:

  • User ID: Who logged in
  • Timestamp: When the login happened
  • Session details: Duration and activity scope
  • Login status: Success or failure

This information is valuable for:

  • Security monitoring: Spotting unauthorized access
  • Audit readiness: Showing login records during compliance checks
  • Operational tracking: Knowing which users are active and when

Understanding these patterns can help you stay one step ahead of potential issues.

Where D365FO Falls Short Without External Tools

Out of the box, D365FO doesn’t offer deep visibility into login events. While you can find some basic user session data, it’s often limited in scope and difficult to search or analyze. There are no built-in alerts, filters, or dashboards focused on login activity.

Here’s what’s missing:

  • No central view of all login events
  • Limited filtering and no advanced search
  • No real-time alerting or automated responses
  • No built-in reporting options for login trends

This makes it hard for IT teams to quickly detect suspicious activity or generate reports for audits.

What Azure Monitor Brings to the Table

Azure Monitor is Microsoft’s built-in platform for tracking system activity, performance, and diagnostics. It works with many Microsoft services, including D365FO. When connected, it receives telemetry data—like login events—so you can view, search, and analyze it in real time.

Here’s what Azure Monitor offers:

  • Log collection: Gathers login data and stores it in a structured way
  • Search and queries: Use Kusto Query Language (KQL) to filter data
  • Dashboards and charts: Create visual insights using Azure Workbooks
  • Alerts: Set up rules to notify you when something unusual happens

In D365FO, telemetry data like login events is sent to Azure Monitor via Lifecycle Services (LCS), once the right settings are enabled. This means you can track user activity without needing any third-party tools.

Benefits of Using Azure Monitor for Login Tracking

Once you set it up, Azure Monitor gives you far more control and insight than what D365FO alone can offer. Here are the top reasons to use it:

Centralized Tracking

  • Monitor logins across all environments: Production, UAT, and Development
  • Store data in one place for easy access

Real-Time Log Analysis

  • Use powerful queries to find specific events
  • Filter by user, date, IP address, or login result

Alerting on Suspicious Activity

  • Set alerts for:
    • Multiple failed login attempts
    • Logins during non-business hours
    • Unusual IP addresses

Compliance and Reporting

  • Maintain long-term records of login events
  • Generate reports for internal audits or external reviews

Scalable and Flexible

  • Works for teams of any size
  • Can be expanded to monitor other types of telemetry, like performance, batch jobs, or user errors

These benefits make it a smart choice for IT admins, security leads, and operations managers alike.

Key Requirements to Enable Monitoring

Before you can start tracking D365FO login activity with Azure Monitor, you’ll need a few things in place:

  • Azure Subscription
  • This is where the Log Analytics workspace will live. It stores the login data.
  • Log Analytics Workspace
  • A component of Azure Monitor that stores and queries logs using KQL.
  • Lifecycle Services (LCS) Access
  • You’ll need access to the D365FO environment via LCS to enable telemetry.
  • Telemetry Configuration
  • Within LCS, make sure categories like SignInEvents and UserSessions are enabled.

Once all of these are connected, data will begin flowing into Azure Monitor automatically.

Want to See It in Action?

Now that you know what’s possible, you might be wondering how to actually set this up. I’ve created a detailed, step-by-step guide that shows you how to enable D365FO telemetry, connect it to Azure Monitor, run login queries, and even set alerts.

Check here to check it out.

Closing Thought

Tracking user login events in D365FO is no longer optional. It’s an essential part of running a secure and reliable system. With Azure Monitor, you don’t have to settle for limited visibility. You can monitor access in real time, respond faster to security risks, and stay audit-ready at all times.

If you’re working with D365FO and haven’t yet explored Azure Monitor, this is the right time to start.

Post Views: 303

Leave a Reply

Your email address will not be published. Required fields are marked *