How to notify admin and suspend user if user downloads large amount of files in 20 minutes?

Dave Wi 11 Reputation points
2020-10-15T05:19:24.06+00:00

Helo,

I require to notify admin and suspend user if user downloads large amount of files in 20 minutes.

which security policy can be considered? an activity policy/DLP policy/File Policy/an alert policy ?

Thanks,

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,192 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,454 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 95,181 Reputation points MVP
    2020-10-15T06:59:21.917+00:00

    Activity alerts/alert policies if you have "basic" O365 licensing, MCAS policies if you are licensed for that: https://learn.microsoft.com/en-us/cloud-app-security/data-protection-policies

    0 comments