Microsoft Tech Community

Activity Policy for Sending email to personal Email address


I want to create a policy to generate an alert if anyone sends an email to a personal email address, based on UPN suffix or location.


Example:- User location is from United Kingdom, South Africa, and India or UPN suffix is,


I created the policy based on the Investigation Log search but the policy is getting triggered, however, I am able to see the correct output through the same investigation search.




Please suggest anything


3 Replies



Hi, so just to be clear - are you saying that the policy is not being triggered?


If so, how long ago did you create the policy?  It can be known for MCAS policies to take up to 24 hours to take effect.

@PeterRising Thanks for responding to the post. Yes, I would say it's not been triggered, or the filters I used to create the policy are not correct to trigger the policy to generate the alerts for the type of activity I am looking for. I guess it's already been more than 4 days since I created the policy.





OK, I'm trying this in my own tenant to see what results I get.  I'll let you know what I find out.