How to generate email alert notification when Global admin or SharePoint administrator access to OneDrive for business file and folder for each user form Microsoft 365 Admin Center.

Question

As a Global admin, I can access to OneDrive for Business file and folder of each user in my tenant when I go to Microsoft 365 Admin Center. I just notice that Global Admin user can access to file and folder of each user from this. This makes privacy concern from managment team, also compliance team as well.

I got question from compliance team, if there is any way that we can generate an email notification to inform user and compliance team when global admin access to OneDrive of each user? or can we disable this feature?

Can anyone tell me how can I full fill compliance team requirement?

Answer 1

Such actions are audited in the Unified audit log, which you can access as detailed here: https://learn.microsoft.com/en-us/purview/audit-search?tabs=microsoft-purview-portal

In particular, you can search for the SiteCollectionAdminAdded event.

For email alerting, you can use the good old Activity alerts feature, although Microsoft is trying to deprecate it for a while now. You can still find the relevant bits in the Security portal or use the New-ActivityAlert cmdlet directly.

Or if you are exporting the Unified audit logs to external system, consider configuring alerting therein.