When a very important file stored in OneDrive needs to be monitored, this is how to create an alert on file activity. Specifically, we want to monitor and alert on any activity performed on that one file by any user.
This example file is called HR.doc and is stored in OneDrive.
This is how we created an alert policy for file activity of the file “HR.doc”.
Open Office 365 Security & Compliance
Alerts > Alert Policies > New Policy
Status – Enabled
Severity – Medium
Category – Information Governance
Conditions – Activity is File Activity and File name is HR.doc
Scope – All Users
Email Recipients – the email address(es) to notify
Limit the number of notifications – optional; 5 in this example
Test the alert by modifying or accessing the file.
Alert email notification as shown below.
This logs an alert, which should then be reviewed and investigated.
Action the alert.
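The same file-activity policy can be created and verified from Security & Compliance PowerShell instead of the portal. The following is an added example, not part of the original post: it creates the “HR.doc” policy with New-ProtectionAlert and then uses Search-UnifiedAuditLog to pull the audit records for the file after the test activity, which is the evidence an investigator reviews when the alert fires. It assumes the ExchangeOnlineManagement module is installed, that the account holds a compliance admin role, that the recipient address and the file’s OneDrive URL are placeholders to replace, and that Activity.SourceFileName is the filterable property for the file name (the portal category “Information governance” maps to the DataGovernance value, to my understanding).

```powershell
# Added example (not from the original post): create the "HR.doc" file-activity alert
# policy from Security & Compliance PowerShell and check the audit log for the file.
# Assumptions: ExchangeOnlineManagement module installed; $Recipient and $FileUrl are
# placeholders; Activity.SourceFileName is the filterable file-name property.

Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # interactive sign-in to Security & Compliance PowerShell

$Recipient = 'secops@example.com'   # placeholder
$FileName  = 'HR.doc'
$FileUrl   = 'https://contoso-my.sharepoint.com/personal/user_contoso_com/Documents/HR.doc'  # placeholder

# Audit-log operation names that make up "file activity" for this policy.
$Ops = 'FileAccessed','FileModified','FileDeleted','FileDownloaded','FileCopied','FileMoved','SharingSet'

# Category DataGovernance = portal "Information governance"; AggregationType None
# raises an alert on every single matching event rather than on a count.
# Throttle: at most 5 notifications per 1440 minutes (24 hours).
New-ProtectionAlert -Name 'HR.doc activity' `
    -Category DataGovernance `
    -ThreatType Activity `
    -Operation $Ops `
    -Filter "Activity.SourceFileName -eq '$FileName'" `
    -Severity Medium `
    -AggregationType None `
    -NotifyUser $Recipient `
    -NotifyUserThrottleThreshold 5 `
    -NotifyUserThrottleWindow 1440

# Confirm the policy exists and is enabled (Disabled should be False).
Get-ProtectionAlert -Identity 'HR.doc activity' | Select-Object Name, Disabled, Severity, Operation

# After touching the file, list the audit records for it from the last hour.
# The AuditData column is JSON; expand the fields an investigator needs first.
$Start = (Get-Date).AddHours(-1)
$End   = Get-Date
Search-UnifiedAuditLog -StartDate $Start -EndDate $End -ObjectIds $FileUrl -Operations $Ops -ResultSize 100 |
    ForEach-Object {
        $d = $_.AuditData | ConvertFrom-Json
        [pscustomobject]@{ Time = $d.CreationTime; User = $d.UserId; Op = $d.Operation; IP = $d.ClientIP }
    } | Sort-Object Time | Format-Table -AutoSize
```

Audit records can take some minutes to appear in Search-UnifiedAuditLog, so if the query comes back empty right after the test, widen the window or re-run it shortly afterwards before assuming the policy did not match.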
Create a monitoring alert on virtual machine CPU spike/usage.
You will need a virtual machine to monitor.
You will also need an action group set to send emails to admins.
For this example we have a Windows 10 virtual machine running in Azure that we want to monitor.
Click Alerts > + New Alert Rule
Select a condition > Percentage CPU
Define the Alert Logic > Done
Assign an action group which sends an email notification to a user when the alert is triggered.
The rule is created and visible under Manage Alerts.
Setting up Alerts in Azure Monitor.
How to create an action group configured with notifications via SMS and email, actions, and tags.
Monitor Blade, Alerts > Manage Actions > Create Action Group
When you click the pencil to edit, enter the Email / SMS / Push / Voice options.
There are more advanced automation options called “actions” which can also be defined.
In the Security and Compliance Admin Center in Office 365 you can create alert policies.
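Both Azure Monitor pieces above, the action group with email and SMS receivers and the Percentage CPU alert rule on the VM, can be scripted with the Az PowerShell module so they are repeatable across VMs. This is an added example, not code from the original post: it assumes the Az.Accounts, Az.Compute and Az.Monitor modules are installed, that the account has Monitoring Contributor on the resource group, and that the resource group, VM name, email address and phone number are placeholders.

```powershell
# Added example (not from the original post): create an action group (email + SMS)
# and a "Percentage CPU" metric alert rule on an Azure VM with the Az module.
# Assumptions: Az.Accounts/Az.Compute/Az.Monitor installed; $Rg, $VmName, the
# e-mail address and phone number are placeholders.

Import-Module Az.Accounts, Az.Compute, Az.Monitor
Connect-AzAccount

$Rg     = 'rg-monitoring-demo'   # placeholder
$VmName = 'win10-demo'           # placeholder
$Vm     = Get-AzVM -ResourceGroupName $Rg -Name $VmName

# 1. Action group: who is notified and how (one e-mail receiver, one SMS receiver).
$Email = New-AzActionGroupReceiver -Name 'admins-email' -EmailReceiver -EmailAddress 'admins@example.com'
$Sms   = New-AzActionGroupReceiver -Name 'oncall-sms' -SmsReceiver -CountryCode '1' -PhoneNumber '5555550100'
$Ag    = Set-AzActionGroup -ResourceGroupName $Rg -Name 'ag-vm-admins' -ShortName 'vmadmins' -Receiver $Email, $Sms

# 2. Condition: average Percentage CPU over the evaluation window above 80 %.
$Cond = New-AzMetricAlertRuleV2Criteria -MetricName 'Percentage CPU' `
          -MetricNamespace 'Microsoft.Compute/virtualMachines' `
          -TimeAggregation Average -Operator GreaterThan -Threshold 80

# 3. Rule: evaluate every minute over a 5-minute window, severity 2 (Warning),
#    and fire the action group when the condition is met.
Add-AzMetricAlertRuleV2 -Name 'vm-cpu-over-80' -ResourceGroupName $Rg `
    -TargetResourceId $Vm.Id -Condition $Cond `
    -WindowSize 00:05:00 -Frequency 00:01:00 -Severity 2 `
    -ActionGroupId $Ag.Id -Description 'CPU > 80% (5 min average)'

# Check: the new rule is listed next to anything created in the portal.
Get-AzMetricAlertRuleV2 -ResourceGroupName $Rg | Select-Object Name, Enabled, Severity
```

A 5-minute average with a 1-minute evaluation frequency smooths out short spikes; lower the window if you need to catch brief bursts, at the cost of more notifications. The rule and the action group are separate resources, so the same action group can be reused by further rules without re-entering the recipients.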
Today's challenge was to set up an Alert Policy so an admin is notified if a user adds a file containing malware to OneDrive or SharePoint.
Start in “Office 365 Security & Compliance > Alerts Dashboard > New Alert Policy”.
I started by creating an Alert, selecting Threat Management & High Severity
Set the Trigger “Detected malware in file”
Select the admins to be notified. I set a daily notification limit of 5 so I’m not overloaded with the same alert.
Then “Finish”; you have the option to turn the policy on or off.
View “Alert policies”.
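The malware alert policy can also be created, paused and listed from Security & Compliance PowerShell, which is useful when the same policy has to exist in more than one tenant. This is an added example, not code from the original post: it assumes the ExchangeOnlineManagement module is installed, that the recipient addresses are placeholders, and that ThreatType Malware is the PowerShell equivalent of the portal trigger “Detected malware in file”.

```powershell
# Added example (not from the original post): the "Detected malware in file" alert
# policy via Security & Compliance PowerShell, with on/off switching and listing.
# Assumptions: ExchangeOnlineManagement installed; $Admins are placeholder addresses;
# ThreatType Malware corresponds to the portal trigger "Detected malware in file".

Import-Module ExchangeOnlineManagement
Connect-IPPSSession

$Admins     = 'secops@example.com', 'it-lead@example.com'   # placeholders
$PolicyName = 'Malware uploaded to OneDrive or SharePoint'

# Threat Management category, High severity, alert on every detection.
# Throttle: at most 5 notifications per 1440 minutes (24 hours), matching the
# daily limit of 5 set in the portal walk-through.
New-ProtectionAlert -Name $PolicyName `
    -Category ThreatManagement `
    -ThreatType Malware `
    -Severity High `
    -AggregationType None `
    -NotifyUser $Admins `
    -NotifyUserThrottleThreshold 5 `
    -NotifyUserThrottleWindow 1440 `
    -Description 'Notify admins when a file uploaded to OneDrive or SharePoint is detected as malware'

# "Turn the policy on or off" is the Disabled flag; pause it, then re-enable it.
Set-ProtectionAlert -Identity $PolicyName -Disabled $true
Set-ProtectionAlert -Identity $PolicyName -Disabled $false

# "View Alert policies": list every policy with its state and severity.
Get-ProtectionAlert | Select-Object Name, Disabled, Severity, Category, ThreatType | Format-Table -AutoSize
```

Keeping the policy name in a variable means the same script can be re-run as an idempotent check: if New-ProtectionAlert reports that the policy already exists, the Set-ProtectionAlert and Get-ProtectionAlert lines still confirm its current state.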