Alert Policies In Office 365 Security And Compliance Center

Security & Compliance Center

The Office 365 cloud service is built on strong security pillars.

The image below shows the complete structure of the Security and Compliance Center in Office 365.

  • Alert
  • Permissions
  • Classifications
  • Data loss prevention
  • Data governance
  • Threat management
  • Search and investigation
  • Reports
  • Service assurance

Alert policies in the Office 365 Security & Compliance Center

Here, we are going to see how to create or configure an alert policy in the Security and Compliance Center in SharePoint / Office 365. Let’s take a quick overview of the alert policy flow and the alerts that are triggered when user or admin activity matches the conditions of an alert policy.

An admin uses the Alert policies page in the Security & Compliance Center dashboard to carry out administration tasks such as creating, configuring and turning on an alert policy, specifying the user who receives the email alert, and so on.

In the user task activity, an alert is triggered when something matches the conditions of an alert policy, such as a new user being added to a group or email messages being sent to users.

Office 365 then generates an alert that is displayed on the View alerts page in the Security & Compliance Center. It also sends email notifications to the users specified in the alert policy, and it manages the View alerts and edit activities.

Alert Policy

In the Office 365 Security and Compliance Center, to track new activity and monitor users' actions on the Office portal, we can configure an alert policy to get an alert when any update happens in the portal. A policy consists of the activities that define which user or administration activity raises an alert. If a user performs any such activity, an alert will be triggered.

You can use the new alert policy in the Office 365 Security & Compliance Center to create alert policies and then view the alerts that are generated when users perform activities that match the conditions of an alert policy. You can also set a threshold level for when an alert is triggered.

Let’s create alert policies in the Security & Compliance Center.

Go to the Security and Compliance Center. In the left navigation, click on "Manage alerts" under the Alerts tab, as shown in the image below.

Now, click on the "+New alert policy" button. It opens the new alert policy form.

Fill out all the required details.

Name - Provide a name for the new alert.

Alert type - Choose the alert type, either custom or Elevation of privilege (this is a default alert policy created by Office 365; it helps you monitor all the activities that increase your users' admin privileges).

Description - Enter a description for your alert.

Choose activities for alert - Here, you can define the conditions for an alert to be triggered.

User - Provide the user who will get the email notification for the alert.

Below are the various activity categories defined for alerts. You can choose which of these activities will trigger the alert.

  • Dynamics 365 activities
  • Sharing and access request activities
  • Synchronization activities
  • Folder activities
  • Site administration activities
  • Application administration activities
  • Azure AD group administration activities
  • Role administration activities
  • eDiscovery activities
  • Microsoft Teams activities

Here, I have chosen the added user activity for triggering an alert.

Choose the added user activity and the user that you want to receive the alerts, and save it.

Now, go to Admin Center and to add a new user, refer to my article Overview of Office 365 Structure And Adding User Account.

Once a new user is added successfully, an alert will be triggered, and the recipients will receive the alert email notification like the one below.

Here is the message you will get once the alert is triggered.

"You are getting this email notification because there’s activity in your Office 365 organization that matches the alert ‘Alert me new user added’."

Administrators can view the alerts that are triggered by a policy, on the "View alerts" page.
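
The same "added user" policy can also be created and reviewed from Security & Compliance PowerShell, which keeps the policy definition in a script that can be re-run and version-controlled. This is an added example, not part of the original article. Assumptions: the ExchangeOnlineManagement module is installed, the two addresses are placeholders, and the Operation value 'Add user.' is taken to be the audit-log operation behind the "Added user" activity (confirm it in an audit log search for your tenant before relying on it).

```powershell
# Added example: script the "added user" alert policy from the walkthrough.
# Placeholders (not from the article): the admin UPN and the notification address.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName 'admin@contoso.example'

$policy = @{
    Name            = 'Alert me new user added'        # policy name quoted in the article's email
    Description     = 'Notify when a new user account is added'
    Category        = 'Others'                         # assumption: no closer category fits
    ThreatType      = 'Activity'                       # alert on an audited activity
    Operation       = 'Add user.'                      # assumption: audit operation for "Added user"
    NotifyUser      = 'secops@contoso.example'         # recipient of the alert email
    Severity        = 'Medium'
    AggregationType = 'None'                           # alert on every matching event
    # For a threshold-based policy, use AggregationType 'SimpleAggregation'
    # together with -Threshold and -TimeWindow instead of 'None'.
}

# Create the policy only if one with this name does not exist yet,
# so the script can be re-run without failing on a duplicate.
$existing = Get-ProtectionAlert | Where-Object { $_.Name -eq $policy.Name }
if (-not $existing) {
    New-ProtectionAlert @policy | Out-Null
}

# Review what is actually configured: who is notified and whether the policy is enabled.
Get-ProtectionAlert |
    Where-Object { $_.Name -eq $policy.Name } |
    Format-List Name, Severity, Operation, NotifyUser, Disabled

# List custom and default policies that are switched off, which is worth
# checking periodically because a disabled policy raises no alerts.
Get-ProtectionAlert | Where-Object { $_.Disabled } | Select-Object Name, Severity
```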

This way, you can configure an alert policy in the Security and Compliance Center on SharePoint / Office 365.

Happy reading.