top of page

Do you know about Activity Alerts in Office 365 to detect suspicious activity?

Updated: Aug 10, 2021

In a single ½ hour we can configure your Activity Alerts to include our signature SSI security settings allowing email notifications to be sent when users perform specific activities in Office 365. Activity Alerts are similar to searching for events in the Microsoft Office 365 audit log, except that you’ll be sent an email message when an event for an activity that we’ve created an alert for happens.

Fraud Alerts

Why enable SSI's Signature Activity Alerts instead of searching for the Audit Log?

There might be certain kinds of activity or activity performed by specific users that you really want to know about. Instead of having to remember to search the audit log for those activities, you can use activity alerts to have Office 365 send you an email message when users perform those activities. For example, we can create an activity alert to notify you when a user has been detected as sending suspicious messages outside the organization or sets up email auto-forwarding. The email notification sent to you includes information about which activity was performed and the user who performed it.

Cybersecurity Alerts

Which notifications are included with SSI's Signature activity Alerts?

Alerts are triggered when:

• A user has been detected as sending suspicious messages outside the organization and will be restricted if this activity continues.

• Someone in your organization becomes an Exchange Admin or receives new Exchange Admin permissions.

• Users start content searches, eDiscovery searches, or when search results are downloaded or exported.

• Someone in your organization sets up auto-forwarding, email forwarding, a redirect rule, or a mail flow rule.

• A user has been restricted from sending messages outside the organization, due to potential compromised activity.

• Office 365 can’t deliver a message to your on-premise or partner servers via a connector, the message is queued in Office 365. This alert is triggered when the number of queued messages exceeds the policy threshold and have been queued for more than an hour.

• The majority of traffic from your tenant has been detected as suspicious and has resulted in a ban on sending ability for the tenant.

• A user granted permission for same or another user to access a target mailbox.

• A user created an anonymous link to a resource which allows anyone with this link to access the resource without having to be authenticated.

• Office 365 detected malware in either SharePoint or OneDrive file.

Don't wait until it's too late! Contact Steven in Solution Systems' IT Department to enable SSI's Signature Activity Alerts in Office 365.

Steven Kellerhals


2,910 views1 comment
bottom of page