Sep 14 2021 01:47 PM
Hello,
When we make a change in policy in O365 security and compliance, for example blocking a domain, all the previous configurations also get saved under the same administrator's name with new timestamps.
Perhaps it is because the entire config file gets saved under the new settings. So all the history of who changed what gets lost.
So if I add a domain in "blocked list", all the previous changes get saved under my name as well, overwriting every change history including timestamps. Not good.
Can this be fixed some how ?
Sep 20 2021 08:09 AM
Hi @SalmanKhan, thank you for your feedback. We will consider improving this in future enhancements of configuration analyzer. Confirming that this is current behavior in configuration analyzer today. This happens if the user uses the UX/portal to make policy changes. One way around this today, it to make policy changes via PowerShell.
Dec 21 2022 11:58 AM - edited Dec 21 2022 11:59 AM
This is still broken a year on. Great feature, but terrible auditing from Microsoft. We're also seeing some changes are not appearing in the history.
A good update to this feature would be to allow triggered notifications for changes.