Alerts profiles

This document takes you through the steps to,

To add a new alert profile

  1. Go to the Settings tab.
  2. Select Configuration → Audit Configuration → Alert Profiles in the left pane.
  3. Click Add profile.
  4. In the profile configuration page,
    • Provide a Profile Name, and a Description that describes the alert profile.
    • Select the Microsoft 365 service and the Category from the respective drop-down lists.
    • Select the activities that must be audited. Multiple actions can be selected.
    • Choose the Severity level of the profile.
    • Provide an Alert Message that must be displayed in the product.
    • Click on Advanced Configuration to configure the email notification, and filter criteria.
      • Under the Notification tab, choose the Email every alerts corresponding to this profile option, and select the notification template to be used.
      • Under the Filter Criteria tab, select Alerts Threshold, and specify the minimum number of events that will trigger the alert and the time interval within which these events should occur. You can also group events by attributes such as country, status, and operation.
      • For example, to receive an alert for each user who fails to log in five times within three minutes, the entries should be:
        • Number of events: 5
        • Time in minutes: 3
        • Grouped by: User
      • Under the Filter Criteria tab, select the Business Hours option, to choose whether the the alert must be triggered for event happening during business or non-business hours. If you haven't configured your business hours in the tool, you will be prompted to configure before using this feature. Click here to know how to configure your business hours.
      • Select the Filter option to set attribute-based conditions based on which the audit logs must be filtered. Use the + option to add multiple conditions.
    • Click Add.
    • Now you will be taken to the Configure Profile page, where you can see the alert profile you created listed in the table along with other profiles. Click on the alert profile to view its details.
  • In the Filter section, the attribute Target refers to the object on which the action must be performed, and Caller refers to the object which performs the action.
  • Macros are pre-defined keywords that auto-fill entries and can be used to customize mailers specific to the recipient.
  • The audit report generated for the group will constitute all the members present in the group, at the time of view.

View an existing profile

Modify an existing profile

Delete an existing profile

Configure retention period for alerts

You need to configure the number of days for which the alert messages must be retained, for better disk space management. Once configured the alert messages older than the retention period will be automatically deleted.

Target Objects

These are objects on which mailbox login, delete modification and more such events can be performed. They are further classified as users and groups.Target users constitute all the Azure Active Directory user accounts. Target groups are the Active Directory groups.

Target Callers

These are objects who perform events like mailbox login, deletion, creation and much more on the Target Objects.

They are further classified as users and groups.Target users constitute all the Azure Active Directory user accounts. Target groups are the Active Directory groups.

Report Generation

When you want to generate a report, you can choose the corresponding users as well as groups and a cumulative report will be generated. For Target Groups, the report will be generated only for current group members.

For example, assume that mailbox 'A' has been delegated to user 'X' and 'Y'. In order to create a profile, which will report the non-owner accesses of mailbox "A", the Target Object will be Mailbox A and the Target Callers will be Users X and Y.

Don't see what you're looking for?

  •  

    Visit our community

    Post your questions in the forum.

     
  •  

    Request additional resources

    Send us your requirements.

     
  •  

    Need implementation assistance?

    Try onboarding

     

Copyright © 2023, ZOHO Corp. All Rights Reserved.