Feedback by UserVoice

Chris Herrmann

My feedback

  1. 2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Office 365 Security & Compliance » Auditing  ·  Flag idea as inappropriate…  ·  Admin →
    Chris Herrmann supported this idea  · 
    An error occurred while saving the comment
    Chris Herrmann commented  · 

    I had the same problem with a slightly different area. I received an email alert "Notification for the alert 'Elevation of Privilege'", which had totally useless information.

    User: Certificate
    Item <insert long useless string here>
    ClientIP: <null>
    Time (UTC): Can we please get local time for the user who is viewing the report sick of UTC

    The S&C audit logs where similarly useless. Luckily it happened to be me who was working in Azure AD at the time that correlated with the action, so I took a wild guess and had a look there.

    And... yep... AzureAD Logs had enough information for me to verify that this was actually the result of actions that I'd taken. But by the time the logs make their way to S&C they're completely useless.

    It took me 3 days to get the MS Support Engineer to understand what the issue was (i.e. the lack of useful identifying information).

    [Ticket #:11284533] referenced as per their request.

    There's a number of tickets in here raising the same issue, just addressed / described slightly differently.

  2. 879 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    27 comments  ·  Office 365 Admin  ·  Flag idea as inappropriate…  ·  Admin →
    Chris Herrmann supported this idea  · 
    An error occurred while saving the comment
    Chris Herrmann commented  · 

    This is totally ridiculous. We're told we have to use MFA (and I happen to agree)... and we should be getting users onboard with MFA... and using delegated admin rather than creating new global admin accounts.. then you get this rubbish.

  3. 94 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Chris Herrmann shared this idea  · 
  4. 33 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment
    Chris Herrmann commented  · 

    You can see the sender in the DLP policy section but not the recipient.

  5. 17 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Chris Herrmann supported this idea  · 
    An error occurred while saving the comment
    Chris Herrmann commented  · 

    It should also have better reporting and actions. For example:
    - Show me items that breached the DLP. Either summary or content depending on your org. policy.
    - Allow DLP Admin to perform action on these items. Approve / reject / etc.
    - And... of course this should all be logged / audit trail.

  6. 8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Chris Herrmann supported this idea  · 
    An error occurred while saving the comment
    Chris Herrmann commented  · 

    We see this a lot too. User gets warning that email was blocked after sending, but policy tip fails to appear about 60% of the time.

  7. 2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment
    Chris Herrmann commented  · 

    Agreed. Current DLP processing is so basic that it's almost useless. No workflows available.

  8. 10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    An error occurred while saving the comment
    Chris Herrmann commented  · 

    Does this also apply to DLP matches?

    Chris Herrmann supported this idea  · 
  9. 2 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    An error occurred while saving the comment
    Chris Herrmann commented  · 

    I've just had an MS case closed where they told me that it's not actually possible to have an approval / override workflow at all... but your not suggests that you have this working, but it's simply the timeframe that is the problem. Can you elaborate please?

Feedback and Knowledge Base