skip to Main Content

Get Office 365 activity alerts when user signs in

Do you like to know how to get Office 365 activity alerts when a user signs in? For example, you did assign admin rights to a user, and you like to know by email when the user signs in the portal. Of course, this does not have to be an admin. You can set the same up for users in the Microsoft 365 tenant. In this article, we will look at how to get an Office 365 activity alert delivered by email when user signs in.

Create new alert policy for user sign in

Sign in to Microsoft 365 security center. Navigate to Policies & rules > Activity alerts.

Read more about the Microsoft 365 security and compliance center improvements »

Office 365 security alert policies and rules

If you don’t yet have auditing turned on, click on the button Turn on auditing. If you don’t, there is no auditing, and you will not be able to create a new alert policy.

Office 365 security alert turn on auditing

Refresh the page a couple of times, and the message will go away. If not, give it some time and wait till you see the New alert policy button change from greyed out to a clickable button.

Office 365 security alert preparing audit log

Click on New alert policy.

Office 365 security alert  new alert policy

Fill in the details for the new alert policy.

  1. Name: Sign-in user
  2. Description: Create an alert and send an email when the user signs in
  3. Activities: User logged in
  4. Users: The user that you want to monitor when signing in
  5. Recipients: The recipient that will get an email when the user signs in (this can be an external email)
  6. Click Save.
Office 365 security alert new alert policy details

The alert policy is successfully created and shown in the list Activity alerts.

Activity alert policy created

Do not start to test immediately. It can take 24 hours before the activity alert policy takes effect.

It can take up to 30 minutes or up to 24 hours after an event occurs for the corresponding audit log record to be returned in the results of an audit log search. The following table shows the time it takes for the different services in Office 365.

Microsoft 365 service or feature

More information about how long it will take after you create policies can be seen on the Microsoft Docs page Search the audit log in the compliance center.

Verify Office 365 activity alert

After 24 hours, test out the policy.

Sign in to the Office 365 portal with the user account you set up in the previous step. Wait a little bit, and you will get an Office 365 Activity Alert email in your mailbox.

Activity alert sign-in

That’s it!

Keep reading: Restrict access to Azure AD administration portal »

Conclusion

In this article, you learned how to get Office 365 activity alerts when user signs in. Sign in to the Microsoft 365 security center and configure the activity alert policy. Don’t forget that it will take up to 24 hours before the activity alert policy starts to work.

Did you enjoy this article? You may also like Move from per-user MFA to Conditional Access MFA. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *