Aug 25 2018
07:29 PM
- last edited on
Feb 07 2023
07:44 PM
by
TechCommunityAP
Aug 25 2018
07:29 PM
- last edited on
Feb 07 2023
07:44 PM
by
TechCommunityAP
I want to be able to configure the Office 365 alerts using PowerShell. To do this, as I understand it I need to use the cmdlet new-protcetionalert. However, when I use this I get an error like:
"Creating advanced alert policies requires an Office 365 E5 subscription or Office 365 E3 subscription with an Office 365
Threat Intelligence or Office 365 EquivioAnalytics add-on subscription for your organization. With your current subscription, only single event alert can be created."
However, if I go in via the web console I can configure a range of alerts for tenant without E5 or Threat Intelligence addin. Thus, it isn't a licensing issue as I can create alerts via the web, just seems to be an issue with PowerShell.
Does anyone have an idea on how to use the new-protectionalert cmdlet for tenants without E5 to save me from manually using the web interface for every different tenant??
Aug 26 2018 11:23 PM
Try the Get-ActivityAlert/New-ActivityAlert istead.
Aug 26 2018 11:59 PM
I have already set these 'Activity Alerts' via PowerShell. They work as expected. These however are not the same currently as the ones I am trying to set here.
Thus, there are two types of O365 alerts, old ones (new-activityalert) and new ones (new-protectionalert).
New alerts are here -
https://protection.office.com/#/alertpolicies
Old Alerts are here -
https://protection.office.com/#/managealerts
If you look at the doc page for new-protectionalert - https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance/new-protectionaler... there ain't much there.
Doing these new alerts via PowerShell will save so much time but even though we can do them via the web interface we can't do via scripting!
Aug 27 2018 10:52 PM
The ones you refer to as "new" have always required E5/TI (you can even see the difference in name - "alert *policies*", as they relate to CAS/ASM).
Aug 27 2018 10:55 PM
If they are E5 only why can I set them in the web interface for with any SKU??
I can set these alerts via all plans in web interface but not via PowerShell.
Aug 27 2018 11:19 PM
Probably because you are not actually creating a "protection" alert. The easiest way to check this is to look at the available options on the "create alert settings" page of the wizard - if you only see "Every time an activity matches the rule", that's the "old" alert type. They are simply grouped together under the same UI item now.
Aug 27 2018 11:35 PM
I am indeed creating pure Protection Alerts, like this:
These option are not available in activity alerts.
Again this alerts works via web interface on all SKU but I can't configure by PowerShell. This I don't understand.
Sep 06 2018 05:24 AM
Solutionhe solution to this problem turns out to be the inclusion of the following command:
-aggregationtype none
which limits the creation of alerts to a single item which is supported by all SKUs. Add that to the command and you are off to the races.
Sep 06 2018 05:24 AM
Solutionhe solution to this problem turns out to be the inclusion of the following command:
-aggregationtype none
which limits the creation of alerts to a single item which is supported by all SKUs. Add that to the command and you are off to the races.