08-25-2018 07:29 PM
08-25-2018 07:29 PM
I want to be able to configure the Office 365 alerts using PowerShell. To do this, as I understand it I need to use the cmdlet new-protcetionalert. However, when I use this I get an error like:
"Creating advanced alert policies requires an Office 365 E5 subscription or Office 365 E3 subscription with an Office 365
Threat Intelligence or Office 365 EquivioAnalytics add-on subscription for your organization. With your current subscription, only single event alert can be created."
However, if I go in via the web console I can configure a range of alerts for tenant without E5 or Threat Intelligence addin. Thus, it isn't a licensing issue as I can create alerts via the web, just seems to be an issue with PowerShell.
Does anyone have an idea on how to use the new-protectionalert cmdlet for tenants without E5 to save me from manually using the web interface for every different tenant??
08-26-2018 11:59 PM
I have already set these 'Activity Alerts' via PowerShell. They work as expected. These however are not the same currently as the ones I am trying to set here.
Thus, there are two types of O365 alerts, old ones (new-activityalert) and new ones (new-protectionalert).
New alerts are here -
Old Alerts are here -
If you look at the doc page for new-protectionalert - https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance/new-protectionaler... there ain't much there.
Doing these new alerts via PowerShell will save so much time but even though we can do them via the web interface we can't do via scripting!
08-27-2018 10:52 PM
The ones you refer to as "new" have always required E5/TI (you can even see the difference in name - "alert *policies*", as they relate to CAS/ASM).
08-27-2018 10:55 PM
If they are E5 only why can I set them in the web interface for with any SKU??
I can set these alerts via all plans in web interface but not via PowerShell.
08-27-2018 11:19 PM
Probably because you are not actually creating a "protection" alert. The easiest way to check this is to look at the available options on the "create alert settings" page of the wizard - if you only see "Every time an activity matches the rule", that's the "old" alert type. They are simply grouped together under the same UI item now.
08-27-2018 11:35 PM
I am indeed creating pure Protection Alerts, like this:
These option are not available in activity alerts.
Again this alerts works via web interface on all SKU but I can't configure by PowerShell. This I don't understand.
09-06-2018 05:24 AMSolution
he solution to this problem turns out to be the inclusion of the following command:
which limits the creation of alerts to a single item which is supported by all SKUs. Add that to the command and you are off to the races.