Aug 20 2020 08:59 AM
I want to create a policy to generate an alert if anyone sends an email to the personal email address based on UPN suffix or Location.
Example:- User location is from United Kingdome, South Africa, and India or UPN suffix is xyz.com, abc.com
I created the policy based on the Investigation Log search but the policy is getting triggered, however, i am able to see the correct output through the same investigation search.
Please suggest anything
Aug 20 2020 01:07 PM
Hi, so just to be clear - are you saying that the policy is not being triggered?
If so, how long ago did you create the policy? It can be known for MCAS policies to take up to 24 hours to take effect.
Aug 20 2020 01:16 PM
@PeterRising Thanks for responding to post, Yes I would say it's not been triggered or the filters I used to create the policy not correct to trigger the policy to generate the alerts for the type of activity I am looking for. I guess it's already been more than 4 days when I created the policy.
Aug 21 2020 05:04 AM
OK, I'm trying this in my own tenant to see what results I get. I'll let you know what I find out.