You build the feature. You test it. It works. Three months later: data is missing, a transaction failed, a user denies doing something your system says they did. Where do you look? The audit log. And if you don't have one, you're blind. What is an audit log? A chronological, tamper-evident record of every significant action: who did what, when, and what changed. Junior developers think audit logs are a compliance checkbox. That thinking is backwards. Audit logs aren't for regulators. They're infrastructure for trust. They answer the hardest question any system faces: "What actually happened?" 8 non-negotiables every developer must know: An audit log is NOT a regular log. Never mix them. Every entry must answer: Who? Did what? To what? When? From where? Result? Timestamps in UTC. Always. No exceptions. Append-only. No UPDATE. No DELETE. Ever. Use cryptographic hash chaining for tamper-evidence. Never log passwords, tokens, or secrets. Define your retention policy before you write the first record. Treat audit logs as evidence — because someday they will be. Audit logs feel unnecessary until they're the only thing standing between you and a disaster you cannot explain. Build them seriously from the start. Build them as an afterthought, and you will regret it.
Multi-BU D365 environment: single tenant, multiple LEs