Forum Discussion
Kiril
Feb 27, 2023Steel Contributor
Difference between Alert policy, Activity alerts and Cloud app policies
I tried to create an alert which triggers, when a new group is created in my Microsoft 365 tenant. Unitl now, I found three approaches to achieve that.
Alert policies and Activity alerts, which are part of located in Email & collaboration
Policy management located in Cloud apps.
In each of those sections I can create a rule or a policy which will trigger when a new group is created. Which one should I use? How are those sections connected with each other?
- SheckyCopper ContributorGood question. In the past as E-mail and Cloud Apps were separate with their own dashboards, the policy would just be for that specific area of Defender. with them all combining into the one portal, the duplicity of each setting between the different Defender products is something I have not seen much documentation on.
That said, I'm not sure if something in either would trigger on a tenant wide group add, but more specific to each product.
If you can test triggering the alerts one at a time with a group add, that is how I would make a determination. My gut though says what you might be looking for would be in the E-mail & Collaboration Alert Policy.- KirilSteel ContributorThank you, I'm also leaning towards doing it in E-mail & Collaboration. Unfortunately, I did not find anything on the roadmaps about which alerts might get deprecated.