

An alert policy consists of a set of rules and conditions that define the user or admin activity that generates an alert, a list of users who trigger the alert if they perform the activity, and a threshold that defines how many times the activity has to occur before an alert is triggered. You also categorize the policy and assign it a severity level. These two settings help you manage alert policies (and the alerts that are triggered when the policy conditions are matched) because you can filter on these settings when managing policies and viewing alerts in the Microsoft Purview compliance portal.

An admin manages alerts in the Microsoft Purview compliance portal. Managing alerts consists of assigning an alert status to help track and manage any investigation.

The alerts that an admin or other users can see on the Alerts page are determined by the roles assigned to the user. For more information, see RBAC permissions required to view alerts.


It takes up to 24 hours after creating or updating an alert policy before alerts can be triggered by the policy. This is because the policy has to be synced to the alert detection engine.

A user performs an activity that matches the conditions of an alert policy. In the case of malware attacks, infected email messages sent to users in your organization trigger an alert. Microsoft 365 generates an alert that's displayed on the Alerts page in the compliance portal or Defender portal. Also, if email notifications are enabled for the alert policy, Microsoft sends a notification to a list of recipients.
