It is my understanding that if continuous enforcement is configured for a security control, that Huntress will manage the noise by not raising an escalation. It will just "fix" the issue if someone disables a setting directly in the 365 tenant, and log that it took that action in the Activity Log. I think this is a great default, but if the only notification option is the ISPM Actions feed, this info may get missed. I'd like the option to check a box, at the level of the security control, to enable the creation of an Escalation for when the continuous enforcement is triggered and action is taken. The use case is either an untrained or internal IT resource accidentally undoing a security policy from within the tenant itself. This would help me know if some training is needed, or if the internal IT resource might be performing some actions in the tenant to "solve" a problem, without notifying us. Thanks!
