Feb 08 2018 03:31 AM
Hi there
I have sharing alert setup in the Office 365 DLP audit policy, just wondering if anyone knows a way to get an alert that has more information - like who the file or site was shared with as this information does not seem to be in the alert?
Also is there a way for sharing alerts on certain sites to be sent to one person and on other sites to another person?
Thanks
Gerry
Feb 08 2018 04:07 AM - edited Feb 08 2018 04:09 AM
If you go to the details of the activity detected by the alert, you can check if the content was shared with a Guest account, or by a sharing link, etc.
Also, when searching the audit logs you can filter by element (site, library, etc) and convert that to a policy, which for every ítem could sent alert emails to different recipients.
Feb 08 2018 04:19 AM
Feb 08 2018 05:00 AM
If you have Office 365 E5 then you can use "Office 365 Cloud App Security" for advanced alerts:
Also, you can play with with Powershell and the Saerch-UnifiedAuditLog cmdlet together with Send-MailMessage to generate your own customized reports.
Please mark my reply as accepted if it helped. Thanks.