Office 365 Security and Compliance – Alert When A Specific File Is Accessed

When a very important file stored in OneDrive needs to be monitored. This is how to create an alert on file activity. We specifically want to monitor and alert on any activity done to the specific file by any user.

This example file is called HR.doc and is stored in OneDrive.

This is how we created an alert policy for file activity of the file “HR.doc”.

Open Office 365 Security & Compliance

https://protection.office.com/alertpolicies

Alerts > Alert Policies > New Policy

Options selected

  • Status – Enabled
  • Severity – Medium
  • Category – Information Governance
  • Conditions – Activity is File Activity and File name is HR.doc
  • Scope – All Users
  • Email Recipients – email address
  • Limit the number of notifications – optional. 5 in this example

Test the alert by trying to modify or access the file.

Result

Alert email notification as shown below.

This logs an alert which then should be reviewed and investigated

Action the Alert

Azure – Monitoring Alert On Virtual Machine CPU Usage

Create a monitoring alert on virtual machine CPU spike/usage.

Prep work

  • you will need a virtual machine to monitor.
  • An action group set to send emails to admins

For this example we have a Windows10 virtual machine running in Azure we want to monitor.

Click Alerts > + New Alert Rule

Select a condition > Percentage CPU

Define the Alert Logic > Done

Assign an action group with sends an email notification to a user when the alert is triggered

Rule created and visible under Manage Alerts

Azure – Monitor / Alerts – Create Action Group to Notify Admin/User by SMS & Email

Setting up Alerts in Azure Monitor.

How to create an action group configured with notifications via SMS and Email, actions and tags .

Monitor Blade, Alerts > Manage Actions > Create Action Group

Click Notifications

When click the pencil to edit, enter the Email / SMS / Push / Voice  options

Now populated

There is more advanced automation options called “actions” which can also be defined

Then

Office 365 – Alert Policy – Detected Malware in File – OneDrive or SharePoint

Security and Compliance Admin Center in Office 365 you can create alert policys.

Todays challenge was to setup an Alert Policy so an admin is notifed if a user adds a file to OneDrive or SharePoint containing Malware.

Start in “Office 365 Security & Compliance > Alerts Dashboard > New Alert Policy

I started by creating an Alert, selecting Threat Management & High Severity

Set the Trigger “Detected malware in file”

Select the Admins to be notified. I set a daily limit notification limit of 5 so I’m not get overloaded with the same alert.

Then “Finish” you have the option to turn the policy on or off

View “Alert polices”