I got the inspiration of this post from the DynamicsMinds session “Log It Like It’s Hot : Smarter Change Tracking in D365FO by Johan Persson and André Arnaud de Calavon.

When discussing security in Dynamics 365, most conversations quickly end up around roles, duties, privileges, segregation of duties, and access levels. All important topics. But there is one standard feature that often gets far too little attention: Electronic signatures.

And honestly, this feature is much more powerful than many customers realize.

The interesting part is not only that a user must re-authenticate before changing something sensitive. The real value is the traceability and accountability it introduces into the ERP process itself.

In many implementations I still see critical parameters protected only by “hope and permissions”. Someone with admin rights changes a setup, pricing parameter, bank account, posting profile, or inventory configuration — and days later everyone starts asking the classic ERP question:

“Who changed this, and why ?”

Electronic signatures changes that conversation completely.

Instead of only relying on security roles, Dynamics 365 can require a deliberate approval step before specific records or fields are modified. The user must actively sign the operation, provide credentials, optionally provide comments, and the system stores the operation together with the reason and context.

And this is where it becomes really interesting.

Dynamics 365 does not only log that “something happened”. It can log:

• Who made the change
• When the change happened
• Which specific record was changed
• Previous value
• New value
• Reason code
• Comment from the signer

That is a completely different level of operational governance. You find the Electronic signature solution here:

Here you can setup signature requirements, by just specifying the table and even the specific field:

There are also the feature that a reason code and comment must be added before you are allowed to change the record. So If I try to change a parameter I get the following “pop-up”, where I have to set reason code and add a comment.

I will also be asked to specify a password for the change. A record is also stored in the database log so I can see and track the change, and the reason why the value did change.

In practice, this creates a much stronger control mechanism around sensitive business processes than simply hiding forms behind security roles. Roles only control access. Electronic signatures create accountability.

I especially like this feature for:

• Vendor bank account changes
• Critical parameter modifications
• Quality management approvals
• Regulatory processes
• Financial approval scenarios
• Sensitive master data

And the beautiful part is that much of this is standard functionality.

Another thing many people forget is that electronic signatures can be configured directly against specific tables and fields in the database. This means you are not limited only to predefined Microsoft processes. You can secure exactly the data elements that matter most to your business.

For regulated industries this is obviously valuable. But honestly, even companies without strict compliance requirements should evaluate it. Modern ERP governance is not only about preventing access. It is about understanding exactly what changed inside the system and why.

Because in reality, the biggest ERP risks are often not hackers.

It is Karen from accounting changing a parameter Friday afternoon before going home, or the automatic AI/MCP tool trying to make things “perfect”. Let’s take back accountability.