Block downloads if a threshold has reached

Copper Contributor

I need to implement a policy that triggers an alert if the number of allowed downloads exceeded a threshold; i.e 20 files per hour. If it does, an alert is triggered and action should be applied.

I implement an alert policy to trigger this type of alert, but I can't implement the action that should be taken if there are policy matches.

How can I apply that?

2 Replies
Which one do you want to configure, blocking downloads is quite different action compared to generating an alert? In fact for the former, the only OOTB controls we have are part of MCAS: https://docs.microsoft.com/en-us/cloud-app-security/protect-office-365#control-office-365-with-built...
Or you can build a custom solution that fetches the corresponding events from the audit log.

As for alerting, you should be able to do this via Alert policies/protection alerts: https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies?view=o365-worldwide

@Vasil Michev 
Actually, what I am trying to do is that: 
I implemented an alert policy that triggers an alert if a user downloads more than 15 files/hour, so as a next step, I'm trying to configure an action that should be applied if there are policy matches. 
How can I implement this action?