


For more information, see RBAC permissions required to view alerts.Īn admin manages alerts in the compliance center. The alerts that an admin or other users can see that on the Alerts page is determined by the roles assigned to the user. Also, if email notifications are enabled for the alert policy, Microsoft sends a notification to a list of recipients. Microsoft 365 generates an alert that's displayed on the Alerts page in Microsoft 365 compliance center or Defender portal. In the case of malware attacks, infected email messages sent to users in your organization trigger an alert.

This is because the policy has to be synced to the alert detection engine.Ī user performs an activity that matches the conditions of an alert policy. It takes up to 24 hours after creating or updating an alert policy before alerts can be triggered by the policy.

To create alert policies, you have to be assigned the Manage Alerts role or the Organization Configuration role in the Microsoft 365 compliance center or the Defender portal. You can also create alert policies by using the New-ProtectionAlert cmdlet in Security & Compliance Center PowerShell. Here's a quick overview of how alert policies work and the alerts that are triggers when user or admin activity matches the conditions of an alert policy.Īn admin in your organization creates, configures, and turns on an alert policy by using the Alert policies page in the Microsoft 365 compliance center or the Microsoft 365 Defender portal. Also note that alert policies are available in Office 365 GCC, GCC High, and DoD US government environments. The functionality that requires an E5/G5 or add-on subscription is highlighted in this topic. Advanced functionality is only available for organizations with an E5/G5 subscription, or for organizations that have an E1/F1/G1 or E3/F3/G3 subscription and a Microsoft Defender for Office 365 P2 or a Microsoft 365 E5 Compliance or an E5 eDiscovery and Audit add-on subscription. Alert policies are available for organizations with a Microsoft 365 Enterprise, Office 365 Enterprise, or Office 365 US Government E1/F1/G1, E3/F3/G3, or E5/G5 subscription.
