Alert Profiles

This section allows you to add a new alert profile under a particular category. You can also choose severity and actions for the alerts. The profile can then be viewed in the Alert Tab, under the configured Service and Category.

Prerequisite: Ensure that auditing is enabled before you add an alert profile.

To add a new alert profile

  • Go to the Settings tab.
  • Select Configuration → Audit Configuration → Alert Profiles in the left pane.
  • Click Add profile.
  • In the profile configuration page,
    • Provide a Profile Name, and a Description that describes the alert profile.
    • Select the Microsoft 365 service and the Category from the respective drop-down lists.
    • Select the activities that must be audited. Multiple actions can be selected.
    • Choose the Severity level of the profile.
    • Provide an Alert Message that must be displayed in the product.
    • Click on Advanced Configuration to configure the email notification and filter criteria.
      • Under the Notification tab, choose the Email every alerts corresponding to this profile option, and select the notification template to be used.
      • Under the Filter Criteria tab, select the Business Hours option to choose whether the alert must be triggered for events happening during business or non-business hours. If you haven't configured your business hours in the tool, you will be prompted to configure them before using this feature.
      • Select the Filter option to set attribute-based conditions based on which the audit logs must be filtered. Use the + option to add multiple conditions.
    • Click Add.
    • Now you will be taken to the Configure Profile page, where you can see the alert profile you created listed in the table along with other profiles. Click on the alert profile to view its details.
  • In the Filter section, the attribute Target refers to the object on which the action must be performed, and Caller refers to the object which performs the action.
  • Macros are pre-defined keywords that auto-fill entries and can be used to customize mailers specific to the recipient.
  • The audit report generated for a group covers all the members present in the group at the time of viewing.

View an existing profile

  • Go to the Settings tab.
  • Select Configuration → Audit Configuration → Alert Profiles in the left pane.
  • Click the Search icon if you are looking for a specific alert.
  • You can view alerts of a specific Microsoft 365 Service and/or Category by clicking the corresponding tab.
  • You can also view Enabled/Disabled alerts using the Filter option found at the top right corner of the table.

Modify an existing profile

  • Go to the Settings tab.
  • Select Configuration → Audit Configuration → Alert Profiles in the left pane.
  • Select the checkbox corresponding to the alert that you wish to modify. You can select multiple alerts.
  • Select the Manage drop-down found at the left corner of the table.
    • Click the Enable icon under the Actions column, if you wish to enable a disabled alert.
    • Click Disable under the Actions column, if you wish to disable an enabled alert.
    • Click Edit under the Actions column, to make any changes to the existing alert.

Delete an existing profile

  • Go to the Settings tab.
  • Select Configuration → Audit Configuration → Alert Profiles in the left pane.
  • Click Delete, if you wish to remove an existing profile. You can perform bulk operations by choosing multiple profiles.
  • Click on Alert Settings to delete alerts older than the number of days you specify.

Configure retention period for alerts

You need to configure the number of days for which the alert messages must be retained, for better disk space management. Once configured, the alert messages older than the retention period will be automatically deleted.

  • Go to the Settings tab.
  • Choose Configuration → Audit Configuration → Alert Profiles from the left pane.
  • In the page you see, select the Alert Settings option found in the top right corner.
  • Select the Delete alerts older than check box, and provide the number of days for which the alert messages must be retained in the text box found.

Targets:

These are objects on which events such as mailbox login, delete, modification and more can be performed. They are further classified as users and groups. Target users constitute all the Azure Active Directory user accounts.

Callers:

These are objects that perform events like mailbox login, deletion, creation and much more on the Target Objects.

They are further classified as users and groups. Target users constitute all the Azure Active Directory user accounts.

Report Generation:

When you want to generate a report, you can choose the corresponding users as well as groups and a cumulative report will be generated. For Target Groups, the report will be generated only for current group members.

For example, assume that mailbox 'A' has been delegated to users 'X' and 'Y'. To create a profile that reports the non-owner accesses of mailbox 'A', the Target will be Mailbox A and the Callers can be anyone.
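
The mailbox 'A' example above, combined with the Business Hours and Filter options from the profile configuration steps, can be modelled as follows. This is an added illustration, not the product's own code: the field names, the activity name, the severity value, the logon_type attribute and the 09:00-18:00 Monday-to-Friday business hours are all assumptions, and the audit events are constructed.

```python
from datetime import datetime, time

# Assumed business hours; the product reads these from its own settings.
BUSINESS_DAYS = {0, 1, 2, 3, 4}            # Monday..Friday
BUSINESS_START, BUSINESS_END = time(9, 0), time(18, 0)

# Hypothetical profile mirroring the page's fields (names and values are illustrative).
PROFILE = {
    "activities": {"MailboxLogin"},
    "severity": "Critical",
    "target": "MailboxA",
    "callers": None,                        # None = any caller
    "hours": "non_business",                # "business", "non_business" or "any"
    "conditions": [("logon_type", "!=", "Owner")],
}

OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b}

def in_business_hours(ts):
    return ts.weekday() in BUSINESS_DAYS and BUSINESS_START <= ts.time() < BUSINESS_END

def matches(profile, event):
    """Return True when the event should raise an alert for this profile."""
    if event["activity"] not in profile["activities"]:
        return False
    if event["target"] != profile["target"]:
        return False
    if profile["callers"] is not None and event["caller"] not in profile["callers"]:
        return False
    ts = datetime.fromisoformat(event["time"])
    if profile["hours"] == "business" and not in_business_hours(ts):
        return False
    if profile["hours"] == "non_business" and in_business_hours(ts):
        return False
    # All attribute conditions must hold; a missing attribute never matches.
    return all(attr in event and OPS[op](event[attr], val)
               for attr, op, val in profile["conditions"])

# Constructed sample audit events (not real log output).
EVENTS = [
    {"time": "2024-03-04T10:15:00", "activity": "MailboxLogin", "target": "MailboxA", "caller": "A", "logon_type": "Owner"},
    {"time": "2024-03-04T23:40:00", "activity": "MailboxLogin", "target": "MailboxA", "caller": "X", "logon_type": "Delegate"},
    {"time": "2024-03-05T11:05:00", "activity": "MailboxLogin", "target": "MailboxA", "caller": "Y", "logon_type": "Delegate"},
    {"time": "2024-03-09T14:00:00", "activity": "MailboxLogin", "target": "MailboxB", "caller": "X", "logon_type": "Delegate"},
]

def alerts(profile, events):
    return [(e["time"], e["caller"], profile["severity"]) for e in events if matches(profile, e)]
```

With the non-business-hours setting only the late-night delegate login by 'X' alerts; switching hours to "any" also reports the daytime access by 'Y', which shows how much the Business Hours choice narrows what a reviewer sees.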
