Changes performed on the 06th of March 2023
To ignore an event, all the data displayed in the event description was previously considered. Out of relevance, we have updated some of these rules.
Ignoring rules criteria, per event, now considered:
- New Account Created: user who made the creation
- Account Deleted: user who made the deletion
- Administrator Role Change: concerned user
- Item Deleted from Retention Mechanism : user who made the deletion, IP address
- Email Impersonation: concerned user, account under whose name the email was sent
- Sign-In from Unauthorized Country: concerned user, country, IP address
- Too Many Logins: concerned user
- Mail Forwarding Rule(s) to External Destination Created: user who created the rule, redirection mailbox
Your previous ignoring rules (created before the 06th of March 2023) do not change: if you want to apply these new rules, you will need to ignore the events you do not want to be alerted on anymore.
All other events’ ignoring rules criteria do not change:
- File Shared Publicly (anonymous): concerned user, file name, site
- Health Status Decline, Health Status Improvement: health status type, current state, previous state, changes
- License Assigned, License Removed: concerned user, concerned license
- Mailbox Access by Non-Owner: concerned user, concerned mailbox
- Mailbox Access Granted to Non-Owner: concerned mailbox, right type, concerned user, user who granted the rights
- User Accessed with Previously Unknown Device and IP: concerned user, IP address, device (user agent), country
- New Teams App Installed: concerned user, site identifier
- Microsoft 365 setting changed outside Office Protect: Office Protect value, Microsoft value, concerned setting, concerned users if any
- New SharePoint Site Created, SharePoint Site Deleted: concerned user, concerned site, IP address
- User Consented to an App: concerned user, concerned application, if user consented on behalf of all the organization