SOLVED

Alert when Sensitivity Label is changed

Occasional Contributor

We have successfully rolled out Unified Sensitivity Labels across our organization.  All users an admins subscribe to M365 E3.

 

I would like create an alert email which fires when a Sensitivity Label is replaced with a lower-order label on any document or email.  Ideally the alert should be sent to designated admins as well as the end user who first created the document or email.

 

The Activity Explorer logs such events, but I am struggling to find a way to create an alert.

 

Power Automate has an M365 Compliance connector but does not offer the triggers I need.

 

Insider Risk Management 'appears' to offer what I want - but wanted to check if other options exist before upgrading subscriptions.

 

Thanks

Warren.

 

 

 

17 Replies
Hello, now that actions on sensitivity labels are collected in the unified audit logs, you could set an alert when a new entry with your conditions is detected.

https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compl...

You will have to script this however
best response confirmed by WarrenGibbs (Occasional Contributor)
Solution

@Thijoubert - Many thanks!

@Thijoubert i didn't find how to implement alert when a sentive label is changed

Thnx @ChristianJBergstrom , i think that i had the other alert portal https://compliance.microsoft.com/alertpolicies
that's why i didn't find this alert policy
Yeah, I know. It's been like that for ages I'm afraid. Still most of them being available in the "legacy" activity alerts.

@ChristianJBergstrom 

I implemented this policy alerte to receive an email when someone change the label of a document : 

Zied01_0-1642675629834.png

But i did some test and doesn't work ..

You must give it propagation time, wait until tomorrow.

@ChristianJBergstrom 

 

problem persists, I tried to test with a change of labels of a document but I did not receive an alert

@Zied01 Hello, sorry for the late reply but I had to reproduce. I just now got my first email with an activity alert for a sensitivity label applied (FileSensitivityLabelApplied) and waiting for the other I set up called (FileSensitivityLabelChanged). Generally speaking these tend to be inconsistent, depending on the alert configured.

 

I assume you have enabled sensitivity label support for Office files in OneDrive and SharePoint Enable sensitivity labels for Office files in SharePoint and OneDrive - Microsoft 365 Compliance | M...

 

Have a look at Tony Redmonds script which extracts audit events from the Office 365 audit log as well Office365itpros/ReportSensitivityLabelsAuditRecords.ps1 at master · 12Knocksinna/Office365itpros (gi...

And now the FileSensitivityLabelChanged alert came. But, I have to say. The results are far from consistent as I have applied/changed on many files, so I suggest you take on another approach for your business case.

@ChristianJBergstrom 

 

Hi christian , 

 

the alert policy is configured as shown in this capture ! and the problem also i can't receive any alerte relative  to another action, such as downloaded file.. !!!!

 

the test is : i have a document is already labled , and i changed the label , but i don't receive the alert

Zied01_0-1643013794140.png

 

I know, and I told you in my post above. Don't use the activity alerts as they are inconsistent. Find another approach. You will see all events captured in the audit log though, so go there and search to get an overview to start with.
so what i can do in this way ? !!!!
You should reach out to the official Microsoft support.
i want to get an alerte when someone change the label and not only view this in the audite log
In my opinion, there isn't any way to get the report other than drill the audit report.
Correct me if I am wrong