cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Query on Audit Policy Alert

Gerry Morley
Brass Contributor

‎Feb 08 2018 03:31 AM

‎Feb 08 2018 03:31 AM

Query on Audit Policy Alert

Hi there

 

I have sharing alert setup in the Office 365 DLP audit policy, just wondering if anyone knows a way to get an alert that has more information  - like who the file or site was shared with as this information does not seem to be in the alert?

 

Also is there a way for sharing alerts on certain sites to be sent to one person and on other sites to another person?

 

Thanks

Gerry

Preview file
36 KB
1,047 Views
0 Likes
3 Replies
Reply
3 Replies
Pablo R. Ortiz

‎Feb 08 2018 04:07 AM - edited ‎Feb 08 2018 04:09 AM

‎Feb 08 2018 04:07 AM - edited ‎Feb 08 2018 04:09 AM

Re: Query on Audit Policy Alert

If you go to the details of the activity detected by the alert, you can check if the content was shared with a Guest account, or by a sharing link, etc.

Also, when searching the audit logs you can filter by element (site, library, etc) and convert that to a policy, which for every ítem could sent alert emails to different recipients.

 

ShareLink.JPGShareWith.JPG

ShareAlert.JPG

 

0 Likes
Reply
Gerry Morley

‎Feb 08 2018 04:19 AM

‎Feb 08 2018 04:19 AM

Re: Query on Audit Policy Alert

@Pablo R. Ortiz Thanks for that - good to know. Would be great if that detail could be in the email to save having to check for the info in the audit policy but I doubt it can. Will have to see if I can find a tool or report that might give me more information in one overall reports - as the audit policy is time consuming to go through for each entry.
0 Likes
Reply
Pablo R. Ortiz

‎Feb 08 2018 05:00 AM

‎Feb 08 2018 05:00 AM

Re: Query on Audit Policy Alert

If you have Office 365 E5 then you can use "Office 365 Cloud App Security" for advanced alerts:

https://support.office.com/en-gb/article/get-ready-for-office-365-cloud-app-security-d9ee4d67-f2b3-4...

Also, you can play with with Powershell and the Saerch-UnifiedAuditLog cmdlet together with Send-MailMessage to generate your own customized reports.

https://technet.microsoft.com/en-us/library/mt238501%28v=exchg.160%29.aspx?f=255&MSPPError=-21472173...

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/send-mailmessage?vie...

Please mark my reply as accepted if it helped. Thanks.

 

0 Likes
Reply