Configuration History
Browse configuration snapshots and compare versions over time
Configuration History
Securtea maintains a history of your Microsoft 365 configuration snapshots. Browse past states, compare versions, and understand how your environment has evolved.
Understanding Snapshots
What Are Snapshots?
A snapshot is a point-in-time capture of your configuration:
- Configuration data - Settings and values at that moment
- Timestamp - When the snapshot was taken
- Hash - Unique identifier for the configuration state
- Version - Sequential version number
Snapshot Sources
Snapshots are created by:
| Source | When |
|---|---|
| Scheduled scans | Based on monitoring schedule |
| Manual capture | User-initiated snapshot |
| Baseline creation | When creating a new baseline |
| Drift detection | When changes are detected |
Browsing History
Accessing History
- Navigate to Drift Detection > History
- Select a resource type to explore
- View snapshot timeline
Timeline View
The timeline shows:
- Snapshot points - Each scan or capture
- Change indicators - Visual markers for changes
- Date range - Filterable time period
- Resource summary - Quick stats per snapshot
Filtering History
Filter snapshots by:
| Filter | Options |
|---|---|
| Date Range | Last 7/30/90 days, custom |
| Resource Type | Specific M365 resources |
| Has Changes | Only show snapshots with drift |
Viewing Snapshots
Snapshot Details
Click a snapshot to see:
- Full configuration - Complete data at that time
- Metadata - Timestamp, hash, source
- Change summary - What changed from previous
- Related events - Drift events linked to this snapshot
Configuration View
Browse the configuration hierarchy:
Snapshot: 2024-01-15 09:00:00
└── Conditional Access Policies
├── Require MFA for Admins
│ ├── state: enabled
│ ├── conditions: {...}
│ └── grantControls: {...}
└── Block Legacy Auth
├── state: enabled
└── conditions: {...}
Expand nodes to see detailed settings.
Raw Data View
View raw JSON data:
- Click View Raw on any snapshot
- See complete API response
- Copy for external use
- Download as JSON file
Comparing Versions
Side-by-Side Comparison
Compare two snapshots:
- Select first snapshot
- Click Compare
- Select second snapshot
- View differences
Comparison View
The comparison shows:
| Section | Content |
|---|---|
| Added | New configurations |
| Removed | Deleted configurations |
| Modified | Changed values |
| Unchanged | Same in both |
Diff View
See exact changes:
Conditional Access Policy: "Require MFA"
- state: "disabled"
+ state: "enabled"
Green (+) indicates additions, red (-) indicates removals.
Compare with Baseline
Compare current state to your baseline:
- Select a snapshot
- Click Compare to Baseline
- Choose baseline
- See differences from expected state
Version Navigation
Jump to Version
Navigate to specific snapshots:
- Latest - Most recent snapshot
- Previous - One version back
- Next - One version forward
- Specific date - Enter date/time
Change Markers
Timeline shows change types:
| Marker | Meaning |
|---|---|
| 🟢 Green | No changes detected |
| 🟡 Yellow | Minor changes |
| 🔴 Red | Significant changes |
| ⚪ White | No baseline comparison |
Snapshot Management
Manual Snapshots
Create a snapshot on demand:
- Go to Drift Detection > History
- Click Capture Now
- Select resource types
- Snapshot is captured immediately
Use manual snapshots:
- Before making planned changes
- To establish a known-good state
- For audit documentation
Snapshot Retention
Snapshots are retained based on your plan:
| Plan | Retention |
|---|---|
| Business | 90 days |
| Enterprise | 365 days |
Exporting Snapshots
Export snapshots for external use:
- Select snapshot(s)
- Click Export
- Choose format (JSON, CSV)
- Download file
Exported snapshots can be imported into other tools or used for custom analysis.
Use Cases
Audit Trail
Document configuration history for audits:
- Export snapshots for audit period
- Include comparison reports
- Show compliance maintenance over time
Change Investigation
Investigate when a change occurred:
- Filter history to relevant resource
- Find snapshot with change marker
- View comparison to identify change
- Correlate with drift events
Rollback Planning
Plan configuration rollback:
- Find snapshot with desired state
- Export configuration
- Use as reference for manual restoration
Securtea doesn't automatically roll back configurations. Use snapshots as reference for manual remediation.
Compliance Documentation
Document compliance maintenance:
- Export periodic snapshots
- Show consistent baseline adherence
- Demonstrate continuous monitoring
Best Practices
Regular Review
Schedule periodic history reviews:
- Weekly: Scan for unexpected changes
- Monthly: Review change patterns
- Quarterly: Audit snapshot coverage
Meaningful Captures
Create manual snapshots at key moments:
- Before major changes
- After remediation
- For milestone documentation
Correlation
Link history to other data:
- Match snapshots to change tickets
- Correlate with Azure AD sign-in logs
- Connect to incident timelines
Troubleshooting
Missing Snapshots
If expected snapshots aren't present:
- Verify monitoring schedule is active
- Check for scan errors in logs
- Ensure resource type is monitored
Incomplete Data
If snapshots have missing data:
- Review API permissions
- Check for license requirements
- Some data may have propagation delays
Comparison Issues
If comparison shows unexpected results:
- Verify snapshots are for same resource type
- Check for resource ID changes
- Review data format differences
What's Next?
- Baselines - Define expected configuration
- Alerts - Configure change notifications
- Monitoring Schedules - Set scan frequency