Stay alert to the challenging risks at work
Monitor 1500+ user activities in your organization
Modern and easy to use alerting system
Safeguard your environment in 4 simple steps
Monitoring day to day user events in your Microsoft 365 setup is quite challenging. Make it simple with AdminDroid Alerts. It offers a complete Office 365 alerting solution where you can detect and resolve issues as well as prevent future complications before they affect end-users.
Create
You can create a new alert policy for any activity, regardless of its complexity. AdminDroid alerts come up with novel alert types such as new events, threshold, and comparison.
Step01
Optimize
Too many alerts imply too many spoilers. You can use our alert preview console to examine and develop an ideal alert policy by viewing the possible sample alerts.
Step02
Engage
As not all the alerts need same level of attention, you may customize the alert policy' recipients, notification limits, severity, and labels to prioritize the events that matter the most.
Step03
Action
Take necessary actions in response to the generated alerts by including alert statuses. Set the alert status to open, closed, or investigating so you can review it quickly.
Step04
Surpass the limitations of Native Microsoft 365 Alerting system
Alerts are not something new; Microsoft 365 Alerting is already a part of Security and Compliance Center. The main concern, however, is what makes AdminDroid alerts feature unique.
Fire Only the Alerts that Matters
Alerts aren't always as powerful as they can be when actual problems get lost in a sea of screaming sirens. With the inclusion of Comparison Alerts, you can analyze the past period activities and raise alert only when serious anomalies occur.
A Complete Picture of Alert Trends & Status Information
Visualize, analyse and monitor data on alert policies and triggered alerts all together in one location. Navigate seamlessly among generated alerts based on alert statuses, alert policies, and labels. Quickly dive into the specifics by clicking the statistics.
AdminDroid Alerts at Affordable Price
In Microsoft alerting system, primary features of alert policies are accessible only in E5 Subscription, which is of high cost. But AdminDroid offers affordable solution with more advanced functionalities.
A Quick Approach to Create Alert Policies
As AdminDroid offers 600+ audit reports, monitoring everything under a single tab is not everyone’s cup of tea. To ease your works, we are coming with a new feature where you can customize and create alert policies directly from any reports with required filters applied.
Visualize and Interpretate Alert Policies From Validating Console
AdminDroid alerts include Alerts preview console where the previous audit log entries of chosen activities will be gathered and displayed as sample alerts. Examining the sample alerts will help you in setting up a perfect condition for your alert policy.
Achieve Granular Alerting by Scope
Scope helps to accomplish a focused alerting, instead of an org-wide alert, it raises alerts based on the attributes you define. Say you want to alert when the user login fails more than 5 times in 10 minutes. Set 'Username' as scope to get user-specific alerts instead of org-wide failures.
Enhance Visualization with Rich Reporting Hierarchy
When the triggered alerts get pile up, you will lose track of time trying to manage them. Using AdminDroid, you can get a high-level view of alert policies and triggered alerts in a report format, including the visualization on alerts triggered and events that caused it.
Trigger, Acknowledge, and Resolve Incidents
The purpose of alerting doesn’t stop with triggering events, it also aims to resolving them. Setting up an alert status will allow you to review if the triggered event is still open, under investigation, or has been resolved.
Dominant Default Policies You Must Deploy
AdminDroid is ever ready with a helping hand in recommending the default alert policies that you must deploy. We come up with a diverse collection of prebuilt policy templates that make it easier for administrators to quickly deploying policies having a high degree of importance.
Default Alert Policies
AdminDroid has 45+ built-in policy templates that can assist you in deploying much needed policy in your office 365 environment.
Information Governance
Managing activities like unusual volume of file deletions, external sharing.
Threat Management
Managing activities like cybersecurity threats, risky sign-ins, ATP policy changes.
External Sharing
Managing activities such as Anonymous and Unusual amount of link creations...
File Traffic Monitoring
Monitor Accessed files in OneDrive, Notes and SharePoint.
Risky Sign-Ins
Managing activities such as Blocked user logins, Sign-ins from anonymous IP addresses....
Configuration Changes
Monitor the changes on User license, Advanced threat protection, Domain changes....
Permission
Permission
Policies coming under permission will help you in managing activities like elevation of admin privileges and ownership changes.
Elevation of Global admin privilege
Creates an alert when a user is added to the global admin role in the organization
Severity - Severe
Elevation of exchange admin privilege
Creates alerts if a user gets added to the exchange admin role in the organization.
Severity - Severe
Admin consent to applications
Creates an alert having a list of consents given to any applications by the admins in the organization.
Severity - Severe
Elevation of administrative privilege
Creates alerts when a user gets added to any of the admin roles in the organization.
Severity - Severe
Teams channel ownership changes
Creates an alert with a list of newly changed ownership in the Teams channels.
Severity - Low
Re-enabling blocked user accounts
Creates an alert whenever an admin enables any of the previously sign-in disabled user accounts in the organization.
Severity - Severe
Information Governance
Information Governance
Security incidents like unusual volume of file deletions, external sharing can be monitored by implementing the policies coming under information governance.
Unusual volume of file deletion
Creates an alert with a list of users who recently deleted an unusual number of files in SharePoint or OneDrive in the organization.
Severity - Severe
Teams private channel creations
Creates alerts whenever a private channel is created in Teams.
Severity - Info
eDiscovery search created
Creates alerts when a user created an eDiscovery search or content search in the organization.
Severity - Low
eDiscovery search exported or previewed
Creates alerts when a user previewed or exported any of the eDiscovery or content search results.
Severity - Low
Unusual volume of anonymous link creations
Creates an alert with a list of users who creates an unusual number of anonymous links in SPO or OneDrive in a day.
Severity - Low
Accessed notes in OneNote
Creates an alert with a list of accessed notes by comparing the previous week's and current week's accessed notes in OneNote.
Severity - Info
Accessed OneDrive files
Creates an alert with a list of accessed files by comparing the previous week's and current week's accessed files in OneDrive.
Severity - Info
Accessed SharePoint files
Creates an alert with a list of accessed files by comparing the previous week's and current week's accessed files in SharePoint.
Severity - Info
SharePoint DLP rule matched documents
Creates alerts whenever any of the SharePoint documents match the Data Loss Prevention rule configured in the organization.
Severity - Medium
Threat Management
Threat Management
Do you want to keep track of suspicious activities like cybersecurity threats, risky sign-ins, ATP policy change? Then a take look on policies coming under threat management.
Creation of external forwarded rule
Creates alerts when a new external forwarded email rule is created in Outlook by the users.
Severity - Medium
Malware campaign detected after delivery
Creates an alert with a list of new malware mails delivered to the users.
Severity - Severe
Admins forced user password reset
Creates an alert when an admin forces password reset for a user to avoid any security breach.
Severity - Low
Anti-phish policy creations and changes
Creates alerts whenever an anti-phish policy is created or updated in the organization.
Severity - Medium
Unusual anonymous user file activities
Creates an alert containing records of anonymous users who have done unusual volume of file activities within short period.
Severity - High
Unusual volume of users' daily login failure summary
Creates an alert having a list of users whose failed logins increased by comparing the same day in the previous week's failed login activities.
Severity - High
Resolved risky sign-ins of users
Creates an alert whenever a user's risky sign-in gets resolved.
Severity - Info
Blocked user attempted to login
When sign-in blocked users try to login, create an alert with a list of all attempted users with their login details such as location, device, etc.
Severity - Severe
External Sharing
External Sharing
Implement the policies under external sharing to prevent your organization's data from falling into the wrong hands. It will help you in managing activities such as external email forwarding, anonymous and unusual amount of link creations, external user file access activities.
Anonymous link creations
Creates an alert with a list of new anonymous link created by users in the organization.
Severity - Medium
Unusual volume of external file sharing
Creates an alert with a list of users who recently shared an unusual number of files with any external users.
Severity - High
Unusual external user file access activity
Creates an alert if any unusual volume of file access activity by external users is detected by comparing the same day in the previous weeks' file access activity.
Severity - Severe
Resources accessed using anonymous links
Creates an alert having a list of SharePoint or OneDrive files which is more accessed by comparing the previous day's file access activities. It lets you ensure that a file is not shared wrongly on any public site.
Severity - Low
Unusual number of site invitations shared to external users
Creates an alert when an unusual number of site invitations shared to external users by comparing the same day in the previous week.
severity - High
File Traffic monitoring
File Traffic monitoring
Policies coming under file traffic monitoring will monitor accessed files in OneDrive, Notes and SharePoint.
DLP rule detected mails
Creates alerts whenever any mail matches the Data Loss Prevention rule configured in the organization.
Severity - Low
Mail flow configuration changes
Creates an alert if any of the mail flow configurations are changed.
Severity - High
Mailbox non-owner access
Creates an alert if an unusual number of non-owner access of any mailbox is detected by comparing the same day in the previous week's non-owner access activity.
Severity - Info
Sign ins based on application
Creates an alert by comparing the previous and current week's sign-ins of each application available in the organization.
Severity - Info
Risky sign-ins
Risky sign-ins
Reduce anomalous login activities like blocked user logins, sign-ins from anonymous IP addresses, and unusual volume of admin login failures by deploying policies under ‘Risky sign-ins'.
Unusual volume of sign Ins blocked by Access Policy
Creates an alert if an unusual number of sign-ins blocked due to access policy by comparing the same day in the previous week's blocked sign-ins.
severity - High
High level risky sign ins
Creates alerts if a high-level risky sign-in is detected for a user in the organization.
Severity - High
Unusual volume of admins' login failures
Creates an alert whenever an unusual volume of admins’ login failures has been detected when compared to the same day in the previous week's failed logins.
Severity - High
Unlikely travel risk detections
Creates alerts if an impossible travel risk is detected for any users in the organization.
Severity - Severe
Sign ins from anonymous IP address
Creates alerts when a user sign-in from an anonymous IP address risk is detected in the organization.
Severity - Severe
All failed activities
Creates a single alert by comparing the previous and current week's failed activities for every workload.
Severity - High
Configuration Changes
Configuration Changes
Ensure regulatory compliance and remain up to date on any changes made to regulations and configurations in your organization. Deploying policies under configuration updates will help you monitor the changes made on user license, advanced threat protection policy, data loss prevention policy, domain changes, and so on.
User license changes
Creates alerts if any of the Office 365 licenses have been assigned/revoked for a user in the organization.
Severity - Info
Advanced Threat Protection configuration changes
Creates an alert if any of the Advanced Threat Protection configurations have been changed in the organization.
Severity - Medium
Directory setting changes
Creates alerts whenever a user has changed the directory setting in the organization.
Severity - Medium
Domain changes
Creates alerts if any domain settings have been changed in the organization.
Severity - High
Data Loss Prevention configuration changes
Creates an alert whenever a DLP configuration has been changed in the organization.
Severity - Medium
ATP default policy changes
Creates alerts whenever the Advanced Threat Protection settings for default policy have been changed in the organization.
Severity - Medium
MFA disabled users
Creates alerts whenever the MFA feature is disabled for a user in the organization.
Severity - High
Group owner changes
Creates an alert having a list of users who added to or removed from any of the group ownerships in the organization.
Severity - Medium
License assigned to external users
Creates an alert listing all the newly assigned Office 365 licenses to external users.
Severity - Low
Highlights
Receive instant email notification anytime when an alert is triggered. You will receive an overview of all events which triggered the alert as an attachment in the email body.
Some alerts demand immediate action, while others can be handled later. Include alerts severity to resolve serious issues faster before they turn into unwanted chaos.
Labeling will assist with profiling and prioritizing of your alert policies. Categorize alert policies better by creating custom labels.
Enhance data monitoring capabilities with rich reporting features. To meet your specific requirements, create your own custom blend of charts, AI-powered graphs, and infographics.
Delegate ownership of specific alerts by delegating respective alert reports with filters or views.
Periodic scheduling of the alert reports enables users to use the data for future compliance and investigative demands.
Email the Alert reports with customized messages to desired recipients and export them.
Dashboard to present you with a complete overview of alert statuses and trends, as well as details on triggered events.