SOLVED

Office 365 and managing default alerts


Hi there,

Has anybody had success modifying the thresholds for the default alerts? For example:

 - - - - - - - - - - - - - - - - - - - - - - - - - 

A medium-severity alert has been triggered

Unusual volume of file deletion
Severity: Medium
Activity: FileDeleted
Details: 90 matched activities in 5 minutes.

 - - - - - - - - - - - - - - - - - - - - - - - - - 

Yes, I can disable that, but it is not the point.

2 Replies
Best Response confirmed by Petri X (Super Contributor)
Solution

No. That's one of the "anomaly detection" policies which apparently use some ML models and should apply different criteria for different users. You can simply disable this and create an alert with pre-set criteria for the delete operation.
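The difference between the two rule types in the answer above, as an added example that is not part of the original thread: a pre-set rule applies one fixed count and time window to every user, shown here in Python over constructed audit records. The record layout (`CreationTime`, `UserId`, `Operation`) is a simplified assumption, and the default threshold and window are taken from the alert text in the question, not from any Microsoft policy definition.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def threshold_alerts(records, operation="FileDeleted", threshold=90,
                     window=timedelta(minutes=5)):
    """Fixed-criteria rule: alert when one user performs `threshold` or more
    `operation` events inside a sliding `window`. Returns a list of
    (user, window_start, window_end, count), one entry per burst."""
    recent = defaultdict(deque)   # user -> timestamps still inside the window
    firing = set()                # users whose current burst already alerted
    alerts = []
    for rec in sorted(records, key=lambda r: r["CreationTime"]):
        if rec["Operation"] != operation:
            continue
        user, now = rec["UserId"], rec["CreationTime"]
        q = recent[user]
        q.append(now)
        while now - q[0] >= window:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            if user not in firing:    # alert once per burst, not per event
                alerts.append((user, q[0], now, len(q)))
                firing.add(user)
        else:
            firing.discard(user)      # burst over, re-arm the rule
    return alerts

def sample_records():
    """Constructed audit records, not real tenant data."""
    base = datetime(2019, 1, 1, 9, 0, 0)
    def burst(user, op, n, step):
        return [{"CreationTime": base + timedelta(seconds=i * step),
                 "UserId": user, "Operation": op} for i in range(n)]
    return (burst("alice@example.com", "FileDeleted", 90, 2)      # 90 in ~3 min
            + burst("bob@example.com", "FileDeleted", 90, 10)     # 90 in 15 min
            + burst("carol@example.com", "FileModified", 95, 1))  # other operation

if __name__ == "__main__":
    for user, start, end, count in threshold_alerts(sample_records()):
        print(f"{user}: {count} FileDeleted between {start} and {end}")
```

Lowering `threshold` makes the slower deleter trip the rule as well, which is the tuning knob the anomaly-detection policy does not expose.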


Thank you @Vasil Michev. Not the answer I wish to hear, but that is what we get from clouds.