cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Block downloads if a threshold has reached

aateeq-n
New Contributor

‎Jul 17 2021 10:36 PM - last edited on ‎Feb 01 2023 09:56 AM by

‎Jul 17 2021 10:36 PM - last edited on ‎Feb 01 2023 09:56 AM by

Block downloads if a threshold has reached

I need to implement a policy that triggers an alert if the number of allowed downloads exceeded a threshold; i.e 20 files per hour. If it does, an alert is triggered and action should be applied.

I implement an alert policy to trigger this type of alert, but I can't implement the action that should be taken if there are policy matches.

How can I apply that?

476 Views
0 Likes
2 Replies
Reply
2 Replies
Vasil Michev

‎Jul 18 2021 01:15 AM

‎Jul 18 2021 01:15 AM

Re: Block downloads if a threshold has reached

Which one do you want to configure, blocking downloads is quite different action compared to generating an alert? In fact for the former, the only OOTB controls we have are part of MCAS: https://docs.microsoft.com/en-us/cloud-app-security/protect-office-365#control-office-365-with-built...
Or you can build a custom solution that fetches the corresponding events from the audit log.

As for alerting, you should be able to do this via Alert policies/protection alerts: https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies?view=o365-worldwide
0 Likes
Reply
aateeq-n

‎Jul 18 2021 02:55 AM

‎Jul 18 2021 02:55 AM

Re: Block downloads if a threshold has reached

@Vasil Michev 
Actually, what I am trying to do is that: 
I implemented an alert policy that triggers an alert if a user downloads more than 15 files/hour, so as a next step, I'm trying to configure an action that should be applied if there are policy matches. 
How can I implement this action?

0 Likes
Reply