Alerts and Alert Policies
Start course

By the time you finish this course, you should have a good understanding of the reporting and alerting options in Microsoft Defender for Office 365. We'll start off with a lesson on the reporting options in Defender for Office 365 where we'll quickly touch on the reports that are available, and we'll then work through a quick reporting demonstration. We'll run through alerting and you'll learn about alert policies. A guided demonstration will then show you how to create an alert policy.

Learning Objectives

  • Learn about reporting in Microsoft 365 Defender for Office 365
  • Learn how to view reports
  • Learn about alerts and alert policies in Defender
  • Configure an alert policy

Intended Audience

This quick-hitting course is intended for those who wish to learn about the reporting and alerting options in Microsoft Defender for Office 365.


To get the most out of this course, you should have a basic understanding of Office 365.


Hello, and welcome to alerts and alert policies. To view and manage alerts in Defender for Office 365, you now use the Microsoft 365 Security Center, which actually pulls together Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and other security features into one place.

Alert management is performed in the security and compliance center at In the left pane of the Security and Compliance Center, you'll see the alerts option. From here, you can view the alerts dashboard, you can view alerts, you can configure alert policies, and you can manage advanced alerts through cloud app security.

The alerts dashboard is a customizable dashboard that provides an overview of alert trends, recent alerts and active alerts by severity. You can also create and manage alert policies right from the dashboard. It's essentially a single pane of glass for managing alerting. Clicking View Alerts in the left pane allows you to view alert information for your organization. The alerts policies option allows you to create and configure alert policies.

Alert policies allow you to track user and admin activities, malware threats or data loss incidents within the organization. When you configure an alert policy, you have to first choose what activity you wish to be alerted on.

Once you've done that, you can add conditions that determine when to trigger the alert, and who should receive notifications whenever the alert fires. Clicking Manage Advanced Alerts takes you to cloud app security.

Now, since this course doesn't focus on cloud app security, we're not going to get into the weeds here. And to be honest, we could probably do an entire course just on cloud app security. So instead, what we'll do now is jump into the next lesson where you'll get to watch over my shoulder as I create a new alert policy.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.