Home

Query on Audit Policy Alert

Highlighted
Gerry Morley
Occasional Contributor

Hi there

 

I have sharing alert setup in the Office 365 DLP audit policy, just wondering if anyone knows a way to get an alert that has more information  - like who the file or site was shared with as this information does not seem to be in the alert?

 

Also is there a way for sharing alerts on certain sites to be sent to one person and on other sites to another person?

 

Thanks

Gerry

3 Replies

If you go to the details of the activity detected by the alert, you can check if the content was shared with a Guest account, or by a sharing link, etc.

Also, when searching the audit logs you can filter by element (site, library, etc) and convert that to a policy, which for every ítem could sent alert emails to different recipients.

 

ShareLink.JPGShareWith.JPG

ShareAlert.JPG

 

@Pablo R. Ortiz Thanks for that - good to know. Would be great if that detail could be in the email to save having to check for the info in the audit policy but I doubt it can. Will have to see if I can find a tool or report that might give me more information in one overall reports - as the audit policy is time consuming to go through for each entry.

If you have Office 365 E5 then you can use "Office 365 Cloud App Security" for advanced alerts:

https://support.office.com/en-gb/article/get-ready-for-office-365-cloud-app-security-d9ee4d67-f2b3-4...

Also, you can play with with Powershell and the Saerch-UnifiedAuditLog cmdlet together with Send-MailMessage to generate your own customized reports.

https://technet.microsoft.com/en-us/library/mt238501%28v=exchg.160%29.aspx?f=255&MSPPError=-21472173...

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/send-mailmessage?vie...

Please mark my reply as accepted if it helped. Thanks.

 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies