We're planning to create an Azure AD Security group which would have high priviliges on all the SharePoint Online site collections and I'm looking for a way to receive email alerts for all the modifications made to this group ( addition and deletion of members ) . We would like to receive these email alerts to a specific DL . Could someone please guide me on how to achieve this ? I guess a SIEM or a CASB can help here but do we have something inhouse in Office 365 that can do the trick ?
In general you should be able to configure an Activity alert (https://protection.office.com/#/managealerts). However, Microsoft has removed the "new" button and instead is forcing you to use the "Activity policies" functionality, which requires additional licensing...
So I guess the answer will be to build your own solution that periodically examines the unified audit log for any events related to the security group(s) in question and sends email notifications accordingly. Some third-party tools can offer this.
Thank you for the answer @Vasil Michev. Could you please explain on additional licensing required for this Alerts?. In this article, I could see default alert policies requires E1 or E3 or E5 subscription. Does this mean alerting functionalities requires additional licensing?
I believe this article is incorrect, as in my E1 test tenant I don't have any way to create Alert policies. I can still create Activity alerts via the URL I linked above, but for Activity policies you will need E5 or the standalone Office 365 Threat Intelligence or Office 365 Advanced Compliance licenses.