SOLVED

Alert when Sensitivity Label is changed

%3CLINGO-SUB%20id%3D%22lingo-sub-2854413%22%20slang%3D%22en-US%22%3EAlert%20when%20Sensitivity%20Label%20is%20changed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2854413%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20successfully%20rolled%20out%20Unified%20Sensitivity%20Labels%20across%20our%20organization.%26nbsp%3B%20All%20users%20an%20admins%20subscribe%20to%20M365%20E3.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20would%20like%20create%20an%20alert%20email%20which%20fires%20when%20a%20Sensitivity%20Label%20is%20replaced%20with%20a%20lower-order%20label%20on%20any%20document%20or%20email.%26nbsp%3B%20Ideally%20the%20alert%20should%20be%20sent%20to%20designated%20admins%20as%20well%20as%20the%20end%20user%20who%20first%20created%20the%20document%20or%20email.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20Activity%20Explorer%20logs%20such%20events%2C%20but%20I%20am%20struggling%20to%20find%20a%20way%20to%20create%20an%20alert.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPower%20Automate%20has%20an%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-gb%2Fconnectors%2Fmicrosoft365compliance%2F%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EM365%20Compliance%20connector%3C%2FA%3E%20but%20does%20not%20offer%20the%20triggers%20I%20need.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EInsider%20Risk%20Management%20'appears'%20to%20offer%20what%20I%20want%20-%20but%20wanted%20to%20check%20if%20other%20options%20exist%20before%20upgrading%20subscriptions.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3EWarren.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2854413%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20365%20Compliance%20Center%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2860768%22%20slang%3D%22en-US%22%3ERe%3A%20Alert%20when%20Sensitivity%20Label%20is%20changed%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2860768%22%20slang%3D%22en-US%22%3EHello%2C%20now%20that%20actions%20on%20sensitivity%20labels%20are%20collected%20in%20the%20unified%20audit%20logs%2C%20you%20could%20set%20an%20alert%20when%20a%20new%20entry%20with%20your%20conditions%20is%20detected.%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fsearch-the-audit-log-in-security-and-compliance%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fcompliance%2Fsearch-the-audit-log-in-security-and-compliance%3Fview%3Do365-worldwide%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EYou%20will%20have%20to%20script%20this%20however%3C%2FLINGO-BODY%3E
Occasional Contributor

We have successfully rolled out Unified Sensitivity Labels across our organization.  All users an admins subscribe to M365 E3.

 

I would like create an alert email which fires when a Sensitivity Label is replaced with a lower-order label on any document or email.  Ideally the alert should be sent to designated admins as well as the end user who first created the document or email.

 

The Activity Explorer logs such events, but I am struggling to find a way to create an alert.

 

Power Automate has an M365 Compliance connector but does not offer the triggers I need.

 

Insider Risk Management 'appears' to offer what I want - but wanted to check if other options exist before upgrading subscriptions.

 

Thanks

Warren.

 

 

 

2 Replies
Hello, now that actions on sensitivity labels are collected in the unified audit logs, you could set an alert when a new entry with your conditions is detected.

https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compl...

You will have to script this however
best response confirmed by WarrenGibbs (Occasional Contributor)
Solution

@Thijoubert - Many thanks!