question

KarunKhanna-4030 avatar image
0 Votes"
KarunKhanna-4030 asked KyleXu-MSFT commented

Alert when someone is granted full access to mailbox

we need to send email to legal head when anoyone in tech support provides full access to legal mailbox...i tried to create an alert in protection.office.com but it dint work, please help.

office-exchange-online-itpro
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi KarunKhanna-4030,

Since this is not an Open Specifications question, I removed openspecs-office-exchange tag.

Best regards,
Tom Jebo
Sr Escalation Engineer
Microsoft Open Specifications

0 Votes 0 ·
michev avatar image
0 Votes"
michev answered KyleXu-MSFT edited

What exactly didnt work? Was the alert policy created successfully, or you need help creating that? Or are there no alerts being generated after you configured the policy? Do note that alerts are not generated in real time.

Here's the policy that worked for me:

59996-qa-kyle-10-07-00.png

and here's the email notification associated with the alert:
60006-qa-kyle-10-07-22.png



· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@michev Thanks, but where is the mailbox that is to trigger if anyone is granted access. like if anyone is granted full access to legal@abc.com then alert is sent to user.

I did as above only thing is i added that shared mailbox as user but still not receiving emails.

0 Votes 0 ·

The mailbox on which the action was performed will not be visible in the alert, just the User who performed the action. To get additional details, you need to look at the corresponding audit event. If you mean you want the policy to fire only when someone adds permissions to specific mailbox, this is not possible via Alert Policies. For that, you will have to use MCAS activity policies, which offer better granularity: https://docs.microsoft.com/en-us/cloud-app-security/user-activity-policies

Alerting aside, you can also consider creating a custom/exclusive management scope to prevent people (even admins) from assigning such permissions.

0 Votes 0 ·
KyleXu-MSFT avatar image
0 Votes"
KyleXu-MSFT answered KyleXu-MSFT commented

@KarunKhanna-4030

The Alert Policy is used to record sensitive operations and notify the specified person such as administrator. It isn't used to inform user that he has permission to access other mailbox.

If the alert policy doesn't working in your tenant, you could open a service request to Office 365 team, they will help you to narrow down it.

@michev I removed domain name from your screenshots, I would suggest you have a check about it before posting screenshots in forum.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@KarunKhanna-4030
Any update about this thread now? You can also using administrator audit log to check which admin modify permission recently, but it cannot send email automatically.

0 Votes 0 ·