The easier alert policy to notify the Information Security Office when a user enables mail forwarding


We can use alert policies and the alert dashboard in the Microsoft Purview compliance portal, EAC, or the Microsoft 365 Defender portal to create alert policies and then view the alerts generated when users perform activities that match the conditions of an alert policy.

Go to https://admin.exchange.microsoft.com

Open Mail flow, select Alert policies, and create a new policy.

Give the alert a name and a description.

Alert severity: alert policies are given a severity attribute (Low, Medium, High, or Informational), in the same way they are given an alert category. When an activity matches the conditions of the alert policy, the generated alert is labeled with the severity level specified for that policy. This lets you monitor and handle notifications that have the same severity setting on the notifications page. For example, you can filter the alert list so that only alerts with a High severity are shown.

Choose a severity and select the trigger so that an alert is generated when new users forward mail.

Choose the people to notify when this alert is triggered.

Finally, create the alert rule.
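The alert policy reports forwarding as it is enabled, so a one-time review of mailboxes that already forward is a useful companion. The following is an added example, not part of the original post: the function name `Get-ForwardingFinding`, the sample mailboxes and the `contoso.example` domain are constructed for illustration, and the input properties are the ones `Get-Mailbox` returns in Exchange Online PowerShell.

```powershell
# Added example: list mailboxes with mailbox-level forwarding and flag external targets.
function Get-ForwardingFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Mailbox,
        # Domains the organization owns; any other target domain counts as external.
        [Parameter(Mandatory)]
        [string[]]$AcceptedDomain
    )
    process {
        $smtp      = [string]$Mailbox.ForwardingSmtpAddress   # stored as "smtp:user@domain"
        $recipient = [string]$Mailbox.ForwardingAddress       # a recipient object in the directory
        if (-not $smtp -and -not $recipient) { return }       # no forwarding configured

        $target   = $smtp -replace '^smtp:', ''
        $external = $false
        if ($target) {
            $domain   = ($target -split '@')[-1]
            $external = $AcceptedDomain -notcontains $domain
        }
        # A ForwardingAddress can be a mail contact that delivers externally,
        # so those rows are marked for manual review instead of being classified.
        [pscustomobject]@{
            Mailbox               = $Mailbox.UserPrincipalName
            ForwardingSmtpAddress = $target
            ForwardingAddress     = $recipient
            External              = $external
            NeedsManualReview     = [bool]$recipient
            KeepsCopy             = [bool]$Mailbox.DeliverToMailboxAndForward
        }
    }
}

# Constructed sample data (not from a real tenant).
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; ForwardingSmtpAddress = 'smtp:alice@mail.example.net'; ForwardingAddress = $null; DeliverToMailboxAndForward = $false }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   ForwardingSmtpAddress = 'smtp:team@contoso.example';   ForwardingAddress = $null; DeliverToMailboxAndForward = $true }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; ForwardingSmtpAddress = $null; ForwardingAddress = 'Partner Contact'; DeliverToMailboxAndForward = $true }
    [pscustomobject]@{ UserPrincipalName = 'dave@contoso.example';  ForwardingSmtpAddress = $null; ForwardingAddress = $null; DeliverToMailboxAndForward = $false }
)

$sample | Get-ForwardingFinding -AcceptedDomain 'contoso.example' |
    Sort-Object External -Descending | Format-Table -AutoSize

# In a tenant session opened with Connect-ExchangeOnline, feed it live data instead:
#   Get-Mailbox -ResultSize Unlimited |
#       Get-ForwardingFinding -AcceptedDomain (Get-AcceptedDomain).DomainName
```

This covers mailbox-level forwarding only; forwarding done through inbox rules is listed separately with `Get-InboxRule`.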

Alert policies are available for organizations with a Microsoft 365 Enterprise, Office 365 Enterprise, or Office 365 US Government E1/F1/G1, E3/F3/G3, or E5/G5 subscription. Advanced functionality is only available for organizations with an E5/G5 subscription, or for organizations that have an E1/F1/G1 or E3/F3/G3 subscription and a Microsoft Defender for Office 365 P2 or a Microsoft 365 E5 Compliance or an E5 eDiscovery and Audit add-on subscription. The functionality that requires an E5/G5 or add-on subscription is highlighted in this topic. Also note that alert policies are available in Office 365 GCC, GCC High, and DoD US government environments.

More info:

Microsoft 365 alert policies | Microsoft Learn
