How Audit Logs Differ from Standard Tables
The Dataverse Audit table is a special system table that records changes made to other tables in your environment. Unlike standard tables, the Audit table does not support Dataverse's Change Tracking API (delta links). Instead, Data Mission Sync uses a timestamp-based watermark approach to synchronize audit data.
| 💡 Note: To sync audit logs, you must have auditing enabled in your Dataverse environment. See Microsoft's documentation on configuring Dataverse auditing. |
Watermark-Based Synchronization
For the Audit table, Data Mission Sync tracks the last synchronized record using the createdon timestamp as a watermark. Each sync retrieves audit records created after the last watermark, ensuring no audit entries are missed.
This approach differs from standard tables which use Dataverse's native Change Tracking API with delta links. The watermark method is necessary because:
• The Audit table is read-only and append-only (records are never updated or deleted)
• Change Tracking API is not supported on the Audit table
• The createdon timestamp provides a reliable ordering for incremental retrieval
Two-Phase Processing
Audit data is processed in two phases:
1. Audit Entry Retrieval: The main audit records are fetched, containing metadata about each change (who, when, what table, what action).
2. Audit Detail Extraction: The changedata JSON field is parsed to extract detailed attribute-level changes (old value, new value) into a separate auditdetail table.
Target Tables for Audit Data
When you synchronize the Audit table, Data Mission Sync creates two tables in your Azure SQL database:
| Table | Description |
| audit | Contains the main audit records including auditid, action, objectid, entity_name, userid, createdon, and the raw changedata JSON. |
| auditdetail | Contains parsed attribute-level changes extracted from the changedata JSON. Each row represents one field that changed, with columns for attribute name, old value, and new value. |
NULL Value Handling
Data Mission Sync preserves the semantic meaning of NULL values in audit data:
• NULL in oldvalue means the field was not previously set (new record or field was empty)
• NULL in newvalue means the field was cleared
• Empty string means the field was explicitly set to an empty value
This distinction is important for accurate audit trail analysis and compliance reporting.