Dynamics 365 Customer Service - Modify and override submitted evaluations
🚨 The Signal: Dynamics 365 Customer Service now allows Quality Managers to modify and override completed agent evaluations, including AI-generated ones. This ensures accuracy but requires strict permission management and audit trail review to prevent misuse.
The Impact
Quality Managers are affected; the security risk is unauthorized modification of critical performance data if permissions are not properly managed.
- Quality Managers: Risk of unauthorized changes if permissions are too broad.
- Security Teams: Need to monitor audit logs for suspicious evaluation overrides.
- Compliance Teams: Potential for inaccurate reporting if evaluation integrity is compromised.
- Auditors: Must verify the integrity of evaluation data and override processes.
The Action
- Review and restrict Dynamics 365 Customer Service roles with 'supervisory permissions' to only authorized Quality Managers.
- Implement regular audits of evaluation override logs to detect anomalous activity.
- Ensure audit trails for evaluation modifications are integrated into security monitoring systems.
- Communicate policy for evaluation overrides to all relevant stakeholders.
Domain: M365-Apps · Impact: medium · Workload: M365 Apps · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898