Power Platform Admin Center Analytics – is somebody hacking my Dynamics instance?

By | September 25, 2018

I have my own online instance of Dynamics v9, so there is not a lot of activity there on a regular day.. but I know for sure that I did not go there even once yesterday.

So this morning, when I went to the Power Apps admin center to see the analytics for that instance for the last 24 hours, it’s not that I was terrified by the number of API calls, but I was a bit surprised.. apparently, something was happening in Dynamics even when I was not using it.. Was it hacked? Somebody was trying to steal my data?

image

From the looks of it, all those API calls are associated with the entity type codes. You can see how there are retrieve multiple calls for the MailBox entity (9606), which is probably my server-side exchange synchronization. There are Delete calls for the AsyncOperation entity (4700), and there are other calls.

Here is what showed up in the System Jobs chart:

image

And there is another nice chart that shows you the most used entities (custom vs out of the box):

image

Apparently, mailbox synchronization is an ongoing activity that requires a few API calls no matter if the user is working in the system or not. Which is understandable. Other than that, there are, also, system jobs doing rollup fields calculations:

image

So most of it actually looks quite normal so far – some activity should be expected even if nobody is working in Dynamics.

The only piece of this which is still puzzling me is the “most active users” chart:

image

Apparently, I was doing something I was not even ware of. To figure that out, I just enabled read auditing in Dynamics – we’ll see what is it I’m reading when I’m not in the system – may take a few days till I get clean data, but we’ll see what shows up.

And, by the way, all those numbers really come down to about 6.5 calls per every 5 minutes. Given that each user is allowed 60K calls per 5 minutes (https://docs.microsoft.com/en-us/dynamics365/customer-engagement/developer/api-limits), that’s really nothing to worry about, at least from the utilization standpoint.

Leave a Reply

Your email address will not be published. Required fields are marked *