Query on Audit Policy Alert

Gerry Morley
Occasional Contributor

Hi there


I have sharing alert setup in the Office 365 DLP audit policy, just wondering if anyone knows a way to get an alert that has more information  - like who the file or site was shared with as this information does not seem to be in the alert?


Also is there a way for sharing alerts on certain sites to be sent to one person and on other sites to another person?




3 Replies

If you go to the details of the activity detected by the alert, you can check if the content was shared with a Guest account, or by a sharing link, etc.

Also, when searching the audit logs you can filter by element (site, library, etc) and convert that to a policy, which for every ítem could sent alert emails to different recipients.





@Pablo R. Ortiz Thanks for that - good to know. Would be great if that detail could be in the email to save having to check for the info in the audit policy but I doubt it can. Will have to see if I can find a tool or report that might give me more information in one overall reports - as the audit policy is time consuming to go through for each entry.

If you have Office 365 E5 then you can use "Office 365 Cloud App Security" for advanced alerts:


Also, you can play with with Powershell and the Saerch-UnifiedAuditLog cmdlet together with Send-MailMessage to generate your own customized reports.



Please mark my reply as accepted if it helped. Thanks.


Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies