Setting up security alerts in Office 365
Posted on 20 February 2019 by Anna Milchem
Administrators are able to set up alerts in Office 365 from the Security and Compliance page.
These could be triggered for several reasons such as when a file is downloaded, when a group is deleted or when a file is shared externally. This can help administrators to keep on top of changes being made in case the changes are incorrect or should never have been made in the first place.
These can be set up as follows:
- Access ‘Security and Compliance’ from the side panel and then ‘Dashboard’.
- You will then be able to choose ‘New Alert Policy’ to start the setup.
- The first page asks for a name for the alert, a description, a severity level and a category. The severity helps when looking through the alerts, as they are colour coded and annotated depending on the level. As an example, we could set up a policy to alert us if a distribution group was deleted. We could mark this as a medium severity level with a category of ‘Mail Flow’, because if a group was deleted the emails would not reach the intended recipients.
- You are then able to choose which activity will cause the notification, for example, ‘Deleted Group’. This is useful as it could help you to discover which other user is deleting a group. Another activity you could choose to trigger a notification is the completion of an eDiscovery, which could allow data to be viewed and exported from the system; being notified of this is great from a data security point of view. From this area you can also create conditions so that not all alerts will appear (handy if you are aware of some changes being made and don’t need to check them).
- To view alerts that have been triggered, go to the ‘View Alerts’ page. They’ll be shown with the time they were triggered, brief details of what caused them and the address of the user responsible. If you deem the alert to be for a legitimate and safe action, you can choose ‘Resolve’ to remove it from the list to prevent future confusion.
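The distribution group policy described in the steps above can also be created from Security & Compliance PowerShell, which makes it repeatable across tenants. This is an added example, not part of the original post; the policy name, the recipient address and the `Remove-DistributionGroup` operation name are assumptions to check against your own audit log.

```powershell
# Added example, not from the original post.
# Requires the ExchangeOnlineManagement module and an account that is
# permitted to manage alert policies.
Connect-IPPSSession

$policy = @{
    Name            = 'Distribution group deleted'   # hypothetical policy name
    Description     = 'Alerts when a distribution group is deleted.'
    Severity        = 'Medium'                       # severity chosen in the post
    Category        = 'MailFlow'                     # the "Mail Flow" category
    ThreatType      = 'Activity'                     # alert on an audited activity
    Operation       = 'Remove-DistributionGroup'     # assumption: confirm in your audit log
    AggregationType = 'None'                         # one alert per matching event
    NotifyUser      = 'secops@contoso.example'       # placeholder recipient
}

# Create the policy only if it is not already present, so the script can be re-run.
$existing = Get-ProtectionAlert | Where-Object { $_.Name -eq $policy.Name }
if (-not $existing) {
    New-ProtectionAlert @policy | Out-Null
}

# Show what was stored so the settings can be reviewed.
Get-ProtectionAlert |
    Where-Object { $_.Name -eq $policy.Name } |
    Format-List Name, Severity, Category, Operation, NotifyUser, Disabled
```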