Office 365 Security and Compliance – Alert When A Specific File Is Accessed

When a very important file stored in OneDrive needs to be monitored. This is how to create an alert on file activity. We specifically want to monitor and alert on any activity done to the specific file by any user.

This example file is called HR.doc and is stored in OneDrive.

This is how we created an alert policy for file activity of the file “HR.doc”.

Open Office 365 Security & Compliance

https://protection.office.com/alertpolicies

Alerts > Alert Policies > New Policy

Options selected

  • Status – Enabled
  • Severity – Medium
  • Category – Information Governance
  • Conditions – Activity is File Activity and File name is HR.doc
  • Scope – All Users
  • Email Recipients – email address
  • Limit the number of notifications – optional. 5 in this example

Test the alert by trying to modify or access the file.

Result

Alert email notification as shown below.

This logs an alert which then should be reviewed and investigated

Action the Alert

Get a list of active computers which have logged on to the domain in the last 7 days

# Trying to work out is servers, laptops or desktops have been decommissioned

# Try this script

# Get a list of active computers which have logged on to the domain in the last 7 days

$Date = (Get-Date).AddDays(-7)

Get-ADComputer -Filter {LastLogonDate -gt $Date} | Select distinguishedName

 

# https://social.technet.microsoft.com/Forums/windows/en-US/4d412730-5937-48c2-bf17-0dc9db013241/list-active-computers-in-ad?forum=winserverDS

# Credit to Richard Mueller – MVP Enterprise Mobility (Directory Services)