Alert policy - Add mailbox permission - No detailed alert.

Brass Contributor

Hi Community, 


I've created Alert policy that whenever someone get mailbox permissions added it should be notified to the Global administrator and it works. However, the alert doesn't have the detailed report of which is the user mailbox and who was added for mailbox permissions etc. We've just got the below alert report.


How to get the detailed alert saying which is the user mailbox and who was added for mailbox permissions etc. Any help would be much appreciated. 


A high-severity alert has been triggered

Add Mailbox Permission policy

Severity: High

Time: 6/28/2023 1:45:00 PM (UTC)

Activity: AddMailboxPermission

User: email address removed for privacy reasons

Details: AddMailboxPermission. This alert is triggered whenever someone gets access to read your user's email.

See details in the Microsoft 365 Security Center. 

2 Replies
Which product was that alert policy created in ? Was it an advanced hunting Custom Detection or was it a policy in Defender for Cloud Apps ?

Thank you for the response. 

I've created the alert policy as detailed in this post and getting the alert as per the screenshot I attached in my initial ask,


However, the challenge is the alert doesn't help to understand whose  mailbox was given full access permission and who takes full access permissions and all.


Getting just the alert notification but it doesn't say the above details. Please help which alert policy helps us giving the detailed report.