Review and take action on alerts in Office 365 Cloud App Security

Office 365 Advanced Security Management is now Office 365 Cloud App Security.

Evaluation    >

Planning    >

Deployment    >

Utilization   

Start evaluating

Start planning

Start deploying

You are here!

Next steps

As a global or security administrator, you can use the Alerts page in Office 365 Cloud App Security to view potential issues and, if needed, take action.

How to get to the Alerts page

  1. As a global administrator or security administrator, go to https://protection.office.com and sign in using your work or school account.

  2. In the Security & Compliance Center, choose Alerts > Manage advanced alerts.

  3. Choose Go to Office 365 Cloud App Security.

    In the Security & Compliance Center, choose Manage Advanced Alerts to go to Office 365 Cloud App Security

  4. In the navigation bar across the top of the screen, choose Alerts.

    On the Alerts page, you can see alerts that were triggered and any actions taken.

Review and handle alerts

Alerts help you identify activities in your Office 365 cloud environment that you might want to investigate further. You might also decide to create new policies or edit existing policies based on the alerts you see. For example, if you see an administrator logging on from a strange location, you may decide to set up a policy that prevents administrators from signing in to Office 365 from certain locations.

Tip: You can filter the alerts by Category or by Severity so you can manage the most important ones first.

For each alert, look into what caused it so you can decide what action to take. To see more details about an alert and to take action, such as resolving the alert or suspending a users account, choose the alert to open a details page. On the details page, you can review the activity log, accounts, and users that are related to the alert, and take actions such as the following:

  • Dismiss If the alert was a false positive, dismiss it. You can optionally add a comment explaining why you dismissed it.

  • Resolve alert If the alert was triggered by an activity that you know isn't a threat, resolve it. You can optionally add a comment explaining why you resolved it.

  • Suspend If you suspect unauthorized sign ins on an account, for example, someone signing in from another country when you know that person is physically at a local office, you might want to suspend the account while you investigate what's going on.

Next steps

Expand your skills
Explore training
Get new features first
Join Office Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×