Microsoft Secure Tech Accelerator
Apr 13 2023, 07:00 AM - 12:00 PM (PDT)
Microsoft Tech Community

Problem with Configuration analyzer - Drift Analysis and History

Occasional Contributor


When we make a change in policy in O365 security and compliance, for example blocking a domain, all the previous configurations also get saved under the same administrator's name with new timestamps.

Perhaps it is because the entire config file gets saved under the new settings. So all the history of who changed what gets lost.


So if I add a domain in "blocked list", all the previous changes get saved under my name as well, overwriting every change history including timestamps. Not good.


Can this be fixed some how ?



2 Replies

Hi @SalmanKhan, thank you for your feedback. We will consider improving this in future enhancements of configuration analyzer. Confirming that this is current behavior in configuration analyzer today. This happens if the user uses the UX/portal to make policy changes. One way around this today, it to make policy changes via PowerShell. 

This is still broken a year on. Great feature, but terrible auditing from Microsoft. We're also seeing some changes are not appearing in the history. 


A good update to this feature would be to allow triggered notifications for changes.