In this article we will show you how to setup log alert polcies for Office 365 administrators. There is a long list of alerts that can be configured, see list below. Before you begin you will need to enable audit logging in the new Office 365 Security & Compliance Center.
Enable Audit Logging
- Login to the Security & Compliance Center at https://protection.office.com
- Click Start recording user and admin activity on the Audit log search page.
It may take several hours to be enabled and for logs to appear.
Grant Required Permissions to be able to create alert policies
To be able to create new alert policies you must add your Office 365 user account to the Security Administrator group within Security & Compliance center. These steps must be done even if you are already an Office 365 Administrator.
Create a new log alert policy
When you visit the Alerts | Alert policies page you will see that Microsoft has created some preconfigured alerts. For this example we are going to create our own log alert that fires everytime an Office 365 user creates an anonymous share link from OneDrive or Sharepoint. This is a good alert to have configured since anonymous links can lead to data leakage.
1. Choose Alerts | Alert policies from the left nav menu and click the blue + New alert policy button.
If you do not see this blue button you will need to grant yourself the required permissions within Security & Compliance center, see steps above.
2. Give your alert a Name, Description, and Severity then click Next.
3.Chose the activity you would like to alert on, in this example choose User Created an anonymous link and click Next.
For any other concerns related to Office 365 plan and subscriptions. You can reach out to us by submitting a ticket on our portal https://cloud.foetron.com/ or you can directly mail us at firstname.lastname@example.org. Check out our website www.foetron.com to know about the services offered by us.