When a very important file stored in OneDrive needs to be monitored, this is how to create an alert on file activity. We specifically want to monitor and alert on any activity done to the specific file by any user.
This example file is called HR.doc and is stored in OneDrive.
This is how we created an alert policy for file activity of the file “HR.doc”.
Open Office 365 Security & Compliance
Alerts > Alert Policies > New Policy
- Status – Enabled
- Severity – Medium
- Category – Information Governance
- Conditions – Activity is File Activity and File name is HR.doc
- Scope – All Users
- Email Recipients – email address
- Limit the number of notifications – optional. 5 in this example
Test the alert by trying to modify or access the file.
An alert email notification is then sent.
This logs an alert, which should then be reviewed and investigated.
Action the Alert
Today I’m looking at Microsoft 365 Enterprise Mobility + Security E3 and E5 licenses and trying to work out which licenses I need and what the differences are. I’ve reviewed the guide on features and pricing; visit compare-plans-and-pricing
There are four key areas for Enterprise Mobility + Security:
- Identity and access management
- Managed mobile productivity
- Information protection
- Identity driven security
If your business is focused on Enterprise Mobility + Security E5 licenses but you need to save costs, it’s certainly worth reviewing what features you’re using and what is available / partially included in an Enterprise Mobility + Security E3 license. Microsoft would describe the differences as “Enterprise Mobility + Security E5 includes new and advanced security capabilities that make up our holistic and innovative approach to security for the mobile enterprise. Some E5 capabilities were previously only available as standalone products, such as Microsoft Cloud App Security, or as products in preview, such as Microsoft Azure Active Directory Identity Protection, Azure Active Directory Privileged Identity Management, and Azure Information Protection.”
A breakdown of the key additional features in E5 and not in E3.
This is a quick breakdown of the additional features in the E5 license you don’t get in E3 currently. (Please check again, this is not a live feature list.)
- Register MFA – All Users
- Password changed (High risk users)
- Require MFA for medium to high risk users
- Manage, Control and monitor important information or resources
- Automate the classification and labelling process (personal interpretation, not sure if that terminology is correct)
- Azure Identity Protection, which can be leveraged in CA. Identity Protection Policies example
- CASB Cloud Access Security Broker
- Detect, Identify Abnormalities, Advanced Attacks
So does your business have any other 3rd party tools already providing the features of E5? It might be worth noting some components of Enterprise Mobility + Security E5 can be purchased separately, but the logic is that a suite gives more value in a bundle.
Another good option is to get hands-on and try the full E5 license: why not run a PoC to see the features of Enterprise Mobility + Security E5 with a free trial (90 days offered when I wrote this)?
I hope this post helped; additional information is available directly from the Microsoft site.
Apologies if any information is incorrect; this is just a personal review and in no way related to Microsoft.
In the Security and Compliance Admin Center in Office 365 you can create alert policies.
Today’s challenge was to set up an Alert Policy so an admin is notified if a user adds a file to OneDrive or SharePoint containing malware.
Start in “Office 365 Security & Compliance > Alerts Dashboard > New Alert Policy”
I started by creating an Alert, selecting Threat Management & High Severity
Set the Trigger “Detected malware in file”
Select the Admins to be notified. I set a daily notification limit of 5 so I don’t get overloaded with the same alert.
Then click “Finish”; you have the option to turn the policy on or off.
View “Alert policies”
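The two alert policies on this page (file activity on HR.doc, and "Detected malware in file"), replayed offline over audit records to show how the matching conditions and the notification limit of 5 interact. This is an added example, not part of the original posts and not Microsoft's implementation. The records are constructed; the field and operation names follow the Office 365 audit schema, while the meaning of "File Activity", the case-insensitive name match and the per-day throttling are assumptions.

```python
from collections import Counter

def rec(ts, op, user, name, workload="OneDrive"):
    """Build a constructed audit record using Office 365 audit schema field names."""
    return {"CreationTime": ts, "Operation": op, "Workload": workload,
            "UserId": user, "SourceFileName": name}

# Constructed sample data, not real audit output.
SAMPLE = (
    [rec(f"2024-05-01T09:0{i}:00", "FileModified", "alice@example.com", "HR.doc")
     for i in range(7)]  # burst: 7 edits to HR.doc on one day
    + [rec("2024-05-02T10:00:00", "FileAccessed", "bob@example.com", "hr.DOC"),
       rec("2024-05-02T10:05:00", "FileDownloaded", "bob@example.com", "Budget.xlsx"),
       rec("2024-05-02T11:00:00", "FileMalwareDetected", "carol@example.com",
           "invoice.xlsm", workload="SharePoint")]
)

# Hypothetical offline stand-ins for the two alert policies described on this page.
POLICIES = [
    # Assumption: "File Activity" means any operation whose name starts with
    # "File", and the file-name condition is compared case-insensitively.
    ("HR.doc file activity", "Medium",
     lambda r: r["Operation"].startswith("File")
     and r.get("SourceFileName", "").lower() == "hr.doc"),
    ("Detected malware in file", "High",
     lambda r: r["Operation"] == "FileMalwareDetected"),
]

def evaluate(records, policies=POLICIES, daily_limit=5):
    """Return (alerts, notifications). Every match is logged as an alert; at most
    daily_limit notifications per policy per calendar day are emitted."""
    alerts, notifications, sent = [], [], Counter()
    for r in records:
        for name, severity, matches in policies:
            if not matches(r):
                continue
            alert = (name, severity, r["CreationTime"], r["UserId"], r["Operation"])
            alerts.append(alert)
            day = (name, r["CreationTime"][:10])
            if sent[day] < daily_limit:  # throttle e-mails, keep the alert record
                sent[day] += 1
                notifications.append(alert)
    return alerts, notifications

if __name__ == "__main__":
    alerts, notes = evaluate(SAMPLE)
    print(len(alerts), "alerts,", len(notes), "notifications")
```

With the sample data, the burst of seven edits produces seven alerts but only five notifications, so the reviewer has to check the alert list rather than rely on the inbox for the full picture.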