Links

Managing Microsoft 365 Violations

When an end user violates a policy in MS Teams, a notification is generated based on the notification settings configured by you in the policy configurations.
This document explains where you can find notifications on policy violations and what actions can be taken.

Nightfall Violations Page

To view the Nightfall violations page:
  1. 1.
    Navigate to the Violations page in Nightfall.
  2. 2.
    Apply filters to view only MS Teams violations.
  3. 3.
    (Optional) Modify the days filter to view historical violations. You can view violations up to the past 180 days.
  1. 4.
    (Optional) Hover over a violation to view the severity of the violation. You can also check how likely is it that the detected violation is an actual violation (Likely, Very Likely).
  2. 5.
    Click the ellipsis menu in the right corner or on the violation to view the list of actions that you can take to initiate the violation.
  3. 6.
    Click on any violation to view the exact data that caused the violation (highlighted in red). You can click Expand details to view further details.

Email Notification

  • If you have configured Email Notification in Admin Alerting, Nightfall admins receive the Email notification. This Email allows admins to take actions from within the Email.
  • If you have configured Email Notification in the Automation section of End user notification settings, end users receive an email from Nightfall. This Email allows end users to take actions from within the Email.

Viewing Notifications in MS Teams

When a violation occurs, the end user who triggered the violation receives an Email to their registered Microsoft account. The Email looks as follows.
If you have enabled end-user remediation in policy settings, based on the options selected in end-user remediation, end-users can view two options. They can either choose to Remediate in Teams or Report as False Positive. The options to Remediate in Teams or Report as False Positive are displayed in the Email only if you have configured them in the end-user remediation section of the policy.