Security & Compliance alerts not working
Hey All,

Stumbled across two problems with Security & Compliance alerts.

One is - I'm testing the alert for forwarding / a flow that forwards emails outside of the company. This seems to work with some big delay, and maybe that wouldn't be an issue, however it appeared that it only works for OWA-created rules, not for the ones created in Outlook. Is there a way to track such rules as well in this portal?

Second thing is I've created a rule that - in my understanding - covers setting up full access on a mailbox (activity "Activity is AddMailboxPermission"), but it seems it doesn't work. I've set up these permissions on one user mailbox and one shared mailbox and see nothing in the alerts. Am I doing this right?

While I was showing my colleague that it doesn't work, he added permissions to some mailbox and we saw this action in the alerts, so it seems there is a bigger delay than I thought for these policies to become effective.

My other concern is how this flow search works, as as of now I am not aware of any PS cmdlet giving me the exact mechanism of a flow, so I'm not sure how MS covered that - I mean whether it really works, as many things are pushed to prod and do not work as expected.

Disclaimer: I know how to track these in PowerShell - I wrote scripts already. However, I would like to leverage the mechanisms and alerting provided by MS for O365 rather than using custom solutions. So far though, it seems I would need some runbooks, as I haven't found solutions for these.

Appreciate your help,

Pawel

1 Reply
best response confirmed by Pawel Jarosz (Brass Contributor)
Solution

The alerts rely on events in the Unified audit log, which are nowhere near being real-time. In other words, delays are expected. And yes, the "forwarding" alert only applies to specific types of forwarding, it doesn't cover all scenarios.
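Since the alert policies are built on Unified audit log events, the same events can be queried directly to see what actually landed there (and when), which is the check to run before concluding a policy is broken. The script below is an added example, not from this thread or from Microsoft; it assumes the ExchangeOnlineManagement module is installed, that the account holds an audit-reading role, and that auditing is enabled for the tenant. Server-side rules created from Outlook desktop are recorded as New-InboxRule just like OWA rules; client-only Outlook rules never reach the server and so never appear.

```powershell
# Added example: pull the audit events that the "AddMailboxPermission" and
# "forwarding" alert policies depend on, for the last 7 days (assumed window).
Connect-ExchangeOnline

$start = (Get-Date).AddDays(-7)
$end   = Get-Date

# Operation names as written in the audit log. Set-Mailbox is included because
# mailbox-level forwarding (ForwardingSmtpAddress) is not an inbox rule at all.
$ops = @('Add-MailboxPermission', 'New-InboxRule', 'Set-InboxRule', 'Set-Mailbox')

$records = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
                                  -Operations $ops -ResultSize 5000

foreach ($r in $records) {
    $d = $r.AuditData | ConvertFrom-Json          # AuditData is a JSON string
    $params = @{}
    foreach ($p in $d.Parameters) { $params[$p.Name] = $p.Value }

    switch ($d.Operation) {
        'Add-MailboxPermission' {
            # Only full-access grants are interesting for the policy in the question
            if ($params['AccessRights'] -match 'FullAccess') {
                '{0} {1} granted {2} on {3} to {4}' -f $d.CreationTime, $d.UserId,
                    $params['AccessRights'], $params['Identity'], $params['User']
            }
        }
        { $_ -in 'New-InboxRule', 'Set-InboxRule' } {
            # Rule actions that move mail out of the mailbox, whichever client made the rule
            $targets = @($params['ForwardTo'], $params['ForwardAsAttachmentTo'],
                         $params['RedirectTo']) | Where-Object { $_ }
            if ($targets) {
                '{0} {1} rule "{2}" forwards/redirects to {3}' -f $d.CreationTime,
                    $d.UserId, $params['Name'], ($targets -join '; ')
            }
        }
        'Set-Mailbox' {
            $fwd = $params['ForwardingSmtpAddress'], $params['ForwardingAddress'] |
                   Where-Object { $_ }
            if ($fwd) {
                '{0} {1} set mailbox forwarding on {2} to {3}' -f $d.CreationTime,
                    $d.UserId, $params['Identity'], ($fwd -join '; ')
            }
        }
    }
}
```

Compare the CreationTime of a matching record with the time the change was made and the time the alert fired: the gap between the first two is audit-log ingestion delay, the gap to the third is the alert policy's own evaluation delay.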