Create notifications for exact data match activities

When you create custom sensitive information types with exact data match (EDM), several activities are recorded in the audit log. You can use the New-ProtectionAlert PowerShell cmdlet to create notifications that tell you when these activities occur:

  • CreateSchema
  • EditSchema
  • RemoveSchema
  • UploadDataFailed
  • UploadDataCompleted

Note

The ability to create notifications for EDM activities is available for the World Wide and GCC clouds only.

Tip

If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview compliance portal trials hub. Learn details about signing up and trial terms.

Prerequisites

The account you use must have one of the following roles:

  • Global administrator
  • Compliance administrator
  • Exchange Online administrator

To learn more about DLP permissions, see Permissions in the Microsoft Purview compliance portal.

EDM-based classification is included in these subscriptions:

  • Office 365 E5
  • Microsoft 365 E5
  • Microsoft 365 E5 Compliance
  • Microsoft E5/A5 Information Protection and Governance

To learn more about DLP licensing, see Microsoft 365 licensing guidance for security & compliance.

Configure notifications for EDM activities

  1. Connect to the Security & Compliance PowerShell.

  2. Run the New-ProtectionAlert cmdlet with the activity that you want to be notified about. For example, to be notified when the UploadDataCompleted activity occurs, run:

    New-ProtectionAlert -Name "EdmUploadCompleteAlertPolicy" -Category Others -NotifyUser <address to send notification to> -ThreatType Activity -Operation UploadDataCompleted -Description "Custom alert policy to track when EDM upload Completed" -AggregationType None
    

    For the UploadDataFailed activity, run:

    New-ProtectionAlert -Name "EdmUploadFailAlertPolicy" -Category Others -NotifyUser <SMTP address to send notification to> -ThreatType Activity -Operation UploadDataFailed -Description "Custom alert policy to track when EDM upload Failed" -AggregationType None -Severity High
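
The two commands above cover only the upload activities. The following added example (not part of the original article) extends the same New-ProtectionAlert call to all five EDM activities and skips policies that already exist, so it can be re-run safely. The recipient address and the "Edm<Operation>AlertPolicy" naming pattern are assumptions, and an existing Security & Compliance PowerShell session is assumed.

```powershell
# Added example: create one alert policy per EDM audit activity.
# Assumes you are already connected to Security & Compliance PowerShell (step 1).
# Placeholder recipient; replace with the SMTP address that should receive alerts.
$NotifyAddress = 'edm-alerts@contoso.example'

# Operation name -> short text used in the policy description.
# Policy names below use a hypothetical pattern and differ from the two names
# shown above, so remove or rename those first to avoid duplicate notifications.
$EdmOperations = [ordered]@{
    CreateSchema        = 'EDM schema created'
    EditSchema          = 'EDM schema edited'
    RemoveSchema        = 'EDM schema removed'
    UploadDataCompleted = 'EDM upload completed'
    UploadDataFailed    = 'EDM upload failed'
}

# Read existing policy names once so that re-running does not fail on duplicates.
$existing = @(Get-ProtectionAlert | Select-Object -ExpandProperty Name)

foreach ($op in $EdmOperations.Keys) {
    $name = "Edm${op}AlertPolicy"
    if ($existing -contains $name) {
        Write-Host "Skipping $name (already exists)"
        continue
    }

    # Same parameters as the commands above, passed by splatting.
    $params = @{
        Name            = $name
        Category        = 'Others'
        NotifyUser      = $NotifyAddress
        ThreatType      = 'Activity'
        Operation       = $op
        Description     = "Custom alert policy to track: $($EdmOperations[$op])"
        AggregationType = 'None'
    }
    # As in the article's example, only the failure alert is raised to High.
    if ($op -eq 'UploadDataFailed') { $params.Severity = 'High' }

    New-ProtectionAlert @params | Out-Null
    Write-Host "Created $name"
}

# List the resulting policies to confirm what now exists.
Get-ProtectionAlert | Where-Object Name -like 'Edm*AlertPolicy' |
    Select-Object Name, Operation, Severity
```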