Question

In the context of alert policies, what is the first step to create an alert policy for unusual activity?

a) Enable Microsoft Office 365 auditing
b) Enable Microsoft Office 365 analytics
c) Enable Microsoft Office 365 Cloud App Security
d) Deploy a Microsoft Office 365 add-in to all the users

Answer 1

To create an alert policy for unusual activity in Microsoft Office 365, the first step is to enable Microsoft Office 365 auditing. This action provides the necessary activity logs required for such policies.

Step-by-step explanation:

To establish an alert policy for detecting unusual activity in Microsoft Office 365, the initial crucial step involves enabling auditing. This pivotal action initiates the comprehensive recording of user and administrative activities within the Office 365 environment. By activating auditing, a robust foundation is laid for generating the essential activity logs that serve as the backbone for crafting and implementing alert policies. Without this foundational step, the system would be devoid of the vital data needed to identify and subsequently alert administrators or security personnel about any anomalous or suspicious behavior, hindering the effectiveness of proactive security measures within the Office 365 ecosystem.