Forum Discussion
Pawel Jarosz
May 15, 2020Brass Contributor
Security & Compliance alerts not working
Hey All,
Stumbled accross two problems with Security & Compliance alert.
One is - I'm testing alert for forwarding / flow that forwards emails outside of the company - this seems to work with some big delay, and maybe it wouldn't be an issue however appeared that it only works for OWA created rules - not by the ones created in Outlook - is there a way to track such rules as well in this portal?
Second thing is I've created rule that - in my understanding - set up a full access on a mailbox - activity "Activity is AddMailboxPermission", but seems it doesn't work, I've set up these permissions on one user mailbox and one shared - and see nothing in the alerts, am I doing this well?
While I was showing to my colleague it doesn;t work he added permissions to some mailbox and we've seen this action in alerts - so seems that there is a bigger delay than I thought for these policies to become effective.
My other concern is how this flow search works, as as of now I am not aware of any of the PS cmdlet giving me the exact mechanism of a flow, so not sure how MS covered that - I mean if it really works, as many things are given to prod and do not work as expected.
Disclaimer: I know how to track these in PowerShell - I wrote scripts already, however I would like to leverage mechanisms and alerting provided by MS for o365 rather than using custom solutions. However so far, seems I would need to have some runbooks as so far haven't found solutions for these.
Appreciate your help,
Pawel
The alerts rely on events in the Unified audit log, which are nowhere near being real-time. In other words delays are expected. And yes, the "forwarding" alert only applies to specific types of forwarding, it doesn't cover all scenarios.
The alerts rely on events in the Unified audit log, which are nowhere near being real-time. In other words delays are expected. And yes, the "forwarding" alert only applies to specific types of forwarding, it doesn't cover all scenarios.