Review and take action on alerts in Office 365 Cloud App Security
|Evaluation >||Planning >||Deployment >||Utilization|
||You are here!
You can use the Alerts page in Office 365 Cloud App Security to view potential issues and, if needed, take action.
You must be a global administrator or security administrator to perform the tasks in this article. See Permissions in the Office 365 Security & Compliance Center.
How to get to the Alerts page
As a global administrator or security administrator, go to https://security.microsoft.com and sign in using your work or school account.
In the Security & Compliance Center, choose Alerts > Manage advanced alerts.
Choose Go to Office 365 Cloud App Security.
In the navigation bar across the top of the screen, choose Alerts.
Review and handle alerts
Alerts help you identify activities in your Office 365 cloud environment that you might want to investigate further. You might also decide to create new policies or edit existing policies based on the alerts you see. For example, if you see an administrator logging on from a strange location, you may decide to set up a policy that prevents administrators from signing in to Office 365 from certain locations.
You can filter the alerts by Category or by Severity so you can manage the most important ones first.
For each alert, look into what caused it so you can decide what action to take. To see more details about an alert and to take action, such as resolving the alert or suspending a users account, choose the alert to open a details page. On the details page, you can review the activity log, accounts, and users that are related to the alert, and take actions such as the following:
Dismiss If the alert was a false positive, dismiss it. You can optionally add a comment explaining why you dismissed it.
Resolve alert If the alert was triggered by an activity that you know isn't a threat, resolve it. You can optionally add a comment explaining why you resolved it.
Suspend If you suspect unauthorized sign ins on an account, for example, someone signing in from another country when you know that person is physically at a local office, you can suspend the account while you investigate what's going on.
View a list of supported Web traffic logs and data sources