Activity alerts play a very important role while setting up Security & Compliance. You can create an alert that will send you an email notification when users perform specific activities in Office 365.
In this article, you can see how we can get alerts if someone accesses any document in SharePoint Online. Similarly, you can also set alerts for different activities such as common user activities, file & folder activities, file sharing activities, synchronization activities & also for administration activities.
Difference between Alerts and Audit logs search in O365 Security & Compliance?
Activity alerts are similar to searching the Office 365 audit log for events, except that you'll be sent an email message when an event that you've created an alert for occurs.
In Audit logs search, we can see the results as soon we search for it within the period of 90 days since the activity occurred (retention of the audit records depends on the subscription you have).
- Office 365 Security & Compliance center > Alerts > Dashboard
You can also go to Office 365 Security & Compliance center using URL - https://protection.office.com
- Name your alert, add description, severity & select category.
- Next, you will need to choose an activity & when to trigger an alert. So, in our case alert needs to be triggered whenever a file is accessed from SharePoint Online
- You can also add a condition, for this alert. Such as in this case you can mention the Site Collection URL so that if the file is accessed in SharePoint Online from that Site Collection an alert will be triggered. After that click on NEXT.
- The last step is setting up your recipients & daily notification limits. You can choose a user to whom the alerts will be sent.
- After the alert is all set, you can now review your settings, turn ON the policy and click FINISH.
- Alert result - If any user tries to access any file in SharePoint Online, the recipients (the user which has been mentioned as a recipient in the alert policy) will get an email notification (see below image).
In this way, we can create different types of alert policies with respect to Security & Compliance of any organization and this is how you can monitor each activity within your organization.
We can create alert policies for different activities like common user activities, file & folder activities, file sharing activities, synchronization activities & also for administration activities.