
Alert Policies

Configure and manage alert rules that trigger notifications when specific conditions are met. Define thresholds, notification channels, and escalation procedures.

Overview

Alert Policies define the conditions under which alerts are generated. Configure rules for service health changes, security events, compliance violations, performance thresholds, and custom conditions. Each policy specifies what triggers the alert, who gets notified, and how the alert should be handled.

Policy Configuration

Setting                  Description
Policy Name              Descriptive name for the alert policy
Condition                The trigger condition (threshold, event, status change)
Severity                 Alert severity level when triggered
Scope                    Which tenants or resources the policy applies to
Notification Channels    How alerts are delivered (email, Teams, Slack, etc.)
Cooldown Period          Minimum time between repeated alerts for the same condition
Auto-Resolve             Whether alerts automatically close when the condition clears

Alert Types

  • Service Health — Trigger on Microsoft 365 service status changes
  • Security — Trigger on security events, threats, or suspicious activity
  • Compliance — Trigger on compliance policy violations
  • Sync Failure — Trigger when tenant synchronization fails
  • Threshold — Trigger when a metric exceeds a configurable value
  • Custom — User-defined conditions using available data sources

Notification Channels

  • Email — Send alert notifications to specified email addresses
  • Microsoft Teams — Post alerts to a Teams channel via webhook
  • Slack — Send alerts to a Slack channel
  • SMS — Text message notifications for critical alerts
  • PagerDuty — Integration with PagerDuty for on-call routing
  • Custom Webhook — Send alert data to any webhook endpoint

Escalation Rules

Configure automatic escalation when alerts are not acknowledged:

  1. First notification — Sent immediately when the alert triggers
  2. Reminder — Re-sent after a configurable delay if not acknowledged
  3. Escalation — Forwarded to a secondary contact or management
  4. Critical escalation — Phone call or SMS to on-call personnel
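The settings in the Policy Configuration table and the escalation ladder above can be made concrete with a small evaluation model. The Python below is an added example, not the product's own code: it implements a threshold condition, the cooldown period, auto-resolve, and the four escalation steps keyed on acknowledgement. The escalation delays (5, 15 and 30 minutes), the sample metric series and the notification text format are assumed values chosen for the illustration.

```python
"""Evaluation model for one alert policy: a threshold condition, the cooldown
period, auto-resolve, and the four-step escalation ladder (first notification,
reminder, escalation, critical escalation) driven by acknowledgement.
Added illustrative code, not the product's own implementation; the escalation
delays and the sample metric series below are assumed values."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class AlertPolicy:
    name: str
    threshold: float          # Condition: alert when metric value > threshold
    severity: str             # Critical / High / Medium / Low
    cooldown_s: int           # Cooldown Period: min seconds between repeated alerts
    auto_resolve: bool        # Auto-Resolve: close when the condition clears
    reminder_s: int = 300     # escalation delays (assumed defaults), measured from
    escalation_s: int = 900   # the first notification while unacknowledged
    critical_s: int = 1800


@dataclass
class Alert:
    policy: str
    severity: str
    opened_at: int
    acknowledged: bool = False
    resolved_at: Optional[int] = None
    steps_sent: List[str] = field(default_factory=list)


class AlertEngine:
    """Holds at most one open alert per policy and decides when to notify."""

    def __init__(self, policy: AlertPolicy):
        self.policy = policy
        self.open_alert: Optional[Alert] = None
        self.last_fired: Optional[int] = None
        self.notifications: List[str] = []   # what a channel would receive

    def _notify(self, step: str, alert: Alert, now: int) -> None:
        alert.steps_sent.append(step)
        self.notifications.append(f"{now}s {step}: {alert.policy} [{alert.severity}]")

    def observe(self, now: int, value: float) -> Optional[Alert]:
        """Feed one metric sample at time `now`; returns the open alert, if any."""
        p = self.policy
        breached = value > p.threshold
        if breached and self.open_alert is None:
            # Cooldown: a re-trigger too soon after the last alert is suppressed
            if self.last_fired is not None and now - self.last_fired < p.cooldown_s:
                return None
            self.open_alert = Alert(p.name, p.severity, now)
            self.last_fired = now
            self._notify("first", self.open_alert, now)
        elif not breached and self.open_alert is not None and p.auto_resolve:
            self.resolve(now)
        self.tick(now)
        return self.open_alert

    def acknowledge(self) -> None:
        """Acknowledging stops the escalation ladder; the alert stays open."""
        if self.open_alert is not None:
            self.open_alert.acknowledged = True

    def resolve(self, now: int) -> None:
        """Close the open alert (manually, or via auto-resolve)."""
        if self.open_alert is not None:
            self.open_alert.resolved_at = now
            self.open_alert = None

    def tick(self, now: int) -> None:
        """Send every escalation step whose delay has elapsed and that has not
        been sent yet; a sparse sampling interval can fire several at once."""
        a = self.open_alert
        if a is None or a.acknowledged:
            return
        age = now - a.opened_at
        ladder = [("reminder", self.policy.reminder_s),
                  ("escalation", self.policy.escalation_s),
                  ("critical", self.policy.critical_s)]
        for step, delay in ladder:
            if age >= delay and step not in a.steps_sent:
                self._notify(step, a, now)


def run_scenario() -> List[str]:
    """Constructed sample: CPU percentage samples with one unacknowledged
    breach, an auto-resolve, a re-trigger inside the cooldown, and an
    acknowledged re-trigger.  Returns the notifications that were sent."""
    engine = AlertEngine(AlertPolicy("CPU high", threshold=90, severity="High",
                                     cooldown_s=600, auto_resolve=True))
    for now, value in [(0, 95), (100, 97), (300, 96), (400, 50), (500, 99), (700, 99)]:
        engine.observe(now, value)
    engine.acknowledge()
    engine.observe(1700, 99)   # acknowledged, so no reminder or escalation
    return engine.notifications


if __name__ == "__main__":
    print("\n".join(run_scenario()))
```

Two behaviours in the model are worth checking against the real product before relying on them: the cooldown is measured from the previous alert's first notification (not from its resolution), and when auto-resolve is off a cleared condition leaves the alert open and still escalating until someone acknowledges or resolves it.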

Filters

  • Alert Type — Service Health, Security, Compliance, Custom
  • Status — Enabled, Disabled
  • Severity — Critical, High, Medium, Low
  • Scope — All tenants, specific tenants

API Reference

  • GET /api/monitoring/alert-policies — List all alert policies
  • POST /api/monitoring/alert-policies — Create a new alert policy
  • PUT /api/monitoring/alert-policies/{id} — Update an alert policy
  • DELETE /api/monitoring/alert-policies/{id} — Delete an alert policy
  • POST /api/monitoring/alert-policies/{id}/test — Test an alert policy
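A safe way to drive these endpoints is to create a policy disabled, call the test endpoint, and enable it only after the test succeeds, so a mis-addressed channel is caught before it can page anyone. The Python below is an added example, not the product's own client or SDK. The JSON field names (name, condition, severity, scope, channels, cooldownSeconds, autoResolve, enabled), the bearer-token header, the id and ok response fields and the base URL are assumptions about the API that must be checked against the real schema; only the endpoint paths come from the reference above. RecordingTransport is an offline stand-in for the HTTP layer so the workflow can be exercised without a server.

```python
"""Create -> test -> enable workflow for an alert policy over the documented
endpoints.  Added example code, not the product's own client; the JSON field
names, the bearer-token header, the `id`/`ok` response fields and the base URL
are assumptions about the API.  The transport is injectable so the flow can
be run offline with RecordingTransport."""
import json
import urllib.request
from typing import Any, Callable, Dict, List, Optional, Tuple

SEVERITIES = {"Critical", "High", "Medium", "Low"}
BASE_PATH = "/api/monitoring/alert-policies"

# (method, url, headers, body bytes or None) -> (status code, decoded JSON)
Transport = Callable[[str, str, Dict[str, str], Optional[bytes]], Tuple[int, Any]]


def urllib_transport(method: str, url: str, headers: Dict[str, str],
                     data: Optional[bytes]) -> Tuple[int, Any]:
    """Real HTTP transport using only the standard library."""
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else {})


class RecordingTransport:
    """Offline stand-in that records calls and answers like the assumed API."""

    def __init__(self) -> None:
        self.calls: List[Tuple[str, str]] = []

    def __call__(self, method, url, headers, data):
        self.calls.append((method, url))
        body = json.loads(data) if data else {}
        if method == "POST" and url.endswith(BASE_PATH):
            return 201, {"id": "pol-1", **body}          # assumed: server assigns id
        if method == "POST" and url.endswith("/test"):
            return 200, {"ok": True}                     # assumed test result shape
        if method == "PUT":
            return 200, {"id": url.rsplit("/", 1)[1], **body}
        if method == "DELETE":
            return 204, {}
        return 404, {"error": "not found"}


class AlertPolicyClient:
    def __init__(self, base_url: str, token: str, transport: Transport = urllib_transport):
        self.base_url = base_url.rstrip("/")
        self.token = token
        self.transport = transport

    def _call(self, method: str, path: str, body: Any = None) -> Any:
        headers = {"Authorization": f"Bearer {self.token}", "Accept": "application/json"}
        data = None
        if body is not None:
            headers["Content-Type"] = "application/json"
            data = json.dumps(body).encode()
        status, payload = self.transport(method, self.base_url + path, headers, data)
        if status >= 400:
            raise RuntimeError(f"{method} {path} -> HTTP {status}: {payload}")
        return payload

    @staticmethod
    def validate(policy: Dict[str, Any]) -> None:
        """Reject definitions the settings table rules out before sending them."""
        if policy.get("severity") not in SEVERITIES:
            raise ValueError(f"severity must be one of {sorted(SEVERITIES)}")
        if not policy.get("channels"):
            raise ValueError("at least one notification channel is required")
        if policy.get("cooldownSeconds", 0) < 0:
            raise ValueError("cooldownSeconds must be >= 0")

    def create(self, policy: Dict[str, Any]) -> Any:
        self.validate(policy)
        return self._call("POST", BASE_PATH, policy)

    def update(self, policy_id: str, policy: Dict[str, Any]) -> Any:
        self.validate(policy)
        return self._call("PUT", f"{BASE_PATH}/{policy_id}", policy)

    def delete(self, policy_id: str) -> None:
        self._call("DELETE", f"{BASE_PATH}/{policy_id}")

    def test(self, policy_id: str) -> Any:
        return self._call("POST", f"{BASE_PATH}/{policy_id}/test")


def rollout(client: AlertPolicyClient, policy: Dict[str, Any]) -> Any:
    """Create the policy disabled, fire a test notification, and enable it
    only once the test succeeds; a failed test removes the half-made policy."""
    created = client.create({**policy, "enabled": False})
    policy_id = created["id"]
    result = client.test(policy_id)
    if not result.get("ok"):
        client.delete(policy_id)
        raise RuntimeError(f"test of policy {policy_id} failed: {result}")
    return client.update(policy_id, {**policy, "enabled": True})


# Constructed sample policy (field names assumed)
SAMPLE_POLICY = {
    "name": "Tenant sync failure",
    "condition": {"type": "sync_failure"},
    "severity": "High",
    "scope": {"tenants": "all"},
    "channels": [{"type": "teams", "webhookUrl": "https://example.invalid/hook"}],
    "cooldownSeconds": 3600,
    "autoResolve": True,
}

if __name__ == "__main__":
    client = AlertPolicyClient("https://example.invalid", "TOKEN", RecordingTransport())
    print(json.dumps(rollout(client, SAMPLE_POLICY), indent=2))
```

To run against a live instance, construct AlertPolicyClient with the real base URL and token and leave the transport at its default; the bearer token should come from the environment or a secret store rather than a script literal.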