Dynamics 365 Customer Service - Modify and override submitted evaluations

🚨 The Signal: Dynamics 365 Customer Service now allows Quality Managers to modify and override completed agent evaluations, including AI-generated ones. This ensures accuracy but requires strict permission management and audit trail review to prevent misuse.

The Impact

Quality Managers are affected; the security risk is unauthorized modification of critical performance data if permissions are not properly managed.

  • Quality Managers: Risk of unauthorized changes if permissions are too broad.
  • Security Teams: Need to monitor audit logs for suspicious evaluation overrides.
  • Compliance Teams: Potential for inaccurate reporting if evaluation integrity is compromised.
  • Auditors: Must verify the integrity of evaluation data and override processes.

The Action

  1. Review and restrict Dynamics 365 Customer Service roles with 'supervisory permissions' to only authorized Quality Managers.
  2. Implement regular audits of evaluation override logs to detect anomalous activity.
  3. Ensure audit trails for evaluation modifications are integrated into security monitoring systems.
  4. Communicate policy for evaluation overrides to all relevant stakeholders.

Domain: M365-Apps · Impact: medium · Workload: M365 Apps · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898