Forum Discussion

VigneshGanesan's avatar
VigneshGanesan
MVP
Jul 04, 2018

Email alerts for modifications made to Azure AD Security group

Hi All ,   We're planning to create an Azure AD Security group which would have high priviliges on all the SharePoint Online site collections and I'm looking for a way to receive email alerts for al...
Azure AD
VasilMichev's avatar
VasilMichev
MVP
Jul 04, 2018

In general you should be able to configure an Activity alert (https://protection.office.com/#/managealerts). However, Microsoft has removed the "new" button and instead is forcing you to use the "Activity policies" functionality, which requires additional licensing...

 

So I guess the answer will be to build your own solution that periodically examines the unified audit log for any events related to the security group(s) in question and sends email notifications accordingly. Some third-party tools can offer this.

St William's avatar
St William
Copper Contributor
Jul 05, 2018

Thank you for the answer VasilMichev. Could you please explain on additional licensing required for this Alerts?.
In https://support.office.com/en-us/article/alert-policies-in-the-office-365-security-compliance-center-8927b8b9-c5bc-45a8-a9f9-96c732e58264?ui=en-US&rs=en-US&ad=US, I could see default alert policies requires E1 or E3 or E5 subscription. Does this mean alerting functionalities requires additional licensing?

  • VasilMichev's avatar
    VasilMichev
    MVP
    Jul 05, 2018

    I believe this article is incorrect, as in my E1 test tenant I don't have any way to create Alert policies. I can still create Activity alerts via the URL I linked above, but for Activity policies you will need E5 or the standalone Office 365 Threat Intelligence or Office 365 Advanced Compliance licenses.