Forum Discussion
Query on Audit Policy Alert
Hi there
I have sharing alert setup in the Office 365 DLP audit policy, just wondering if anyone knows a way to get an alert that has more information - like who the file or site was shared with as this information does not seem to be in the alert?
Also is there a way for sharing alerts on certain sites to be sent to one person and on other sites to another person?
Thanks
Gerry
If you go to the details of the activity detected by the alert, you can check if the content was shared with a Guest account, or by a sharing link, etc.
Also, when searching the audit logs you can filter by element (site, library, etc) and convert that to a policy, which for every ítem could sent alert emails to different recipients.
- Pablo R. Ortiz Thanks for that - good to know. Would be great if that detail could be in the email to save having to check for the info in the audit policy but I doubt it can. Will have to see if I can find a tool or report that might give me more information in one overall reports - as the audit policy is time consuming to go through for each entry.
If you have Office 365 E5 then you can use "Office 365 Cloud App Security" for advanced alerts:
Also, you can play with with Powershell and the Saerch-UnifiedAuditLog cmdlet together with Send-MailMessage to generate your own customized reports.
Please mark my reply as accepted if it helped. Thanks.
