We have Azure AD Connect V1 running in the organization. We like to upgrade from…
Do you like to know how to get Office 365 activity alerts when a user signs in? For example, you did assign admin rights to a user, and you like to know by email when the user signs in the portal. Of course, this does not have to be an admin. You can set the same up for users in the Microsoft 365 tenant. In this article, we will look at how to get an Office 365 activity alert delivered by email when user signs in.
Create new alert policy for user sign in
Sign in to Microsoft 365 security center. Navigate to Policies & rules > Activity alerts.
Read more about the Microsoft 365 security and compliance center improvements »
If you don’t yet have auditing turned on, click on the button Turn on auditing. If you don’t, there is no auditing, and you will not be able to create a new alert policy.
Refresh the page a couple of times, and the message will go away. If not, give it some time and wait till you see the New alert policy button change from greyed out to a clickable button.
Click on New alert policy.
Fill in the details for the new alert policy.
- Name: Sign-in user
- Description: Create an alert and send an email when the user signs in
- Activities: User logged in
- Users: The user that you want to monitor when signing in
- Recipients: The recipient that will get an email when the user signs in (this can be an external email)
- Click Save.
The alert policy is successfully created and shown in the list Activity alerts.
Do not start to test immediately. It can take 24 hours before the activity alert policy takes effect.
It can take up to 30 minutes or up to 24 hours after an event occurs for the corresponding audit log record to be returned in the results of an audit log search. The following table shows the time it takes for the different services in Office 365.
More information about how long it will take after you create policies can be seen on the Microsoft Docs page Search the audit log in the compliance center.
Verify Office 365 activity alert
After 24 hours, test out the policy.
Sign in to the Office 365 portal with the user account you set up in the previous step. Wait a little bit, and you will get an Office 365 Activity Alert email in your mailbox.
Keep reading: Restrict access to Azure AD administration portal »
In this article, you learned how to get Office 365 activity alerts when user signs in. Sign in to the Microsoft 365 security center and configure the activity alert policy. Don’t forget that it will take up to 24 hours before the activity alert policy starts to work.
Did you enjoy this article? You may also like Move from per-user MFA to Conditional Access MFA. Don’t forget to follow us and share this article.