Forum Discussion

Kiril
Steel Contributor
Feb 27, 2023

Difference between Alert policy, Activity alerts and Cloud app policies

I tried to create an alert which triggers when a new group is created in my Microsoft 365 tenant. Until now, I found three approaches to achieve that.

Alert policies and Activity alerts, which are located in Email & collaboration

Policy management located in Cloud apps.

In each of those sections I can create a rule or a policy which will trigger when a new group is created. Which one should I use? How are those sections connected with each other?

 

  • Shecky
    Copper Contributor
    Good question. In the past, as E-mail and Cloud Apps were separate with their own dashboards, the policy would just be for that specific area of Defender. With them all combining into the one portal, the duplicity of each setting between the different Defender products is something I have not seen much documentation on.
    That said, I'm not sure if something in either would trigger on a tenant-wide group add, but more specific to each product.
    If you can test triggering the alerts one at a time with a group add, that is how I would make a determination. My gut though says what you might be looking for would be in the E-mail & Collaboration Alert Policy.
    • Kiril
      Steel Contributor
      Thank you, I'm also leaning towards doing it in E-mail & Collaboration. Unfortunately, I did not find anything on the roadmaps about which alerts might get deprecated.
