Forum Discussion
Block downloads if a threshold has reached
I need to implement a policy that triggers an alert if the number of allowed downloads exceeded a threshold; i.e 20 files per hour. If it does, an alert is triggered and action should be applied.
I implement an alert policy to trigger this type of alert, but I can't implement the action that should be taken if there are policy matches.
How can I apply that?
2 Replies
- Which one do you want to configure, blocking downloads is quite different action compared to generating an alert? In fact for the former, the only OOTB controls we have are part of MCAS: https://docs.microsoft.com/en-us/cloud-app-security/protect-office-365#control-office-365-with-built-in-policies-and-policy-templates
Or you can build a custom solution that fetches the corresponding events from the audit log.
As for alerting, you should be able to do this via Alert policies/protection alerts: https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies?view=o365-worldwideVasilMichev
Actually, what I am trying to do is that:
I implemented an alert policy that triggers an alert if a user downloads more than 15 files/hour, so as a next step, I'm trying to configure an action that should be applied if there are policy matches.
How can I implement this action?
