Forum Discussion
akosijesyang
Jun 22, 2022 - Copper Contributor
MS Defender for O365 (MDO) - Default Alert Policies
Hello everyone - I'm totally new to MDO and have been doing some labs. I want to implement a custom "A potentially malicious URL click was detected" & "A user clicked through to a potentially malicio...
akosijesyang
Jun 22, 2022 - Copper Contributor
Hello Ash - I want to have a separate alert policy as our organization has multiple different business divisions and we're all using one tenant. Since the default policy triggers an alert for everyone in the tenant, we're hoping a dedicated policy will trigger an alert only for our business division - not for the entire tenant.
Ash_Gardiner
Jun 22, 2022 - Iron Contributor
Thanks for sharing your scenario, akosijesyang. It's an interesting one. As far as I can see, your valid options are to disable the default policy and replace it with multiple granular policies; however, I don't see the condition "activity is MaliciousUrlClick" as something you can add to a custom policy. The other options are to disable email notifications for the default alert policy so that the alert just appears as an alert within the console, or to change the recipients of the email notifications to something other than tenant admins. Not ideal, given your goal.
Thanks, Ash