This blog post will show how to use Microsoft Defender for Apps to create an email alert every time a Microsoft 365 Administrator logs in to one of the management portals.
To create an an alert, we need to create a policy that detects a login to one of the M365 portals from any user that is a member of the Microsoft 365 Administrator’s built-in security group.
Open the Microsoft 365 Defender portal.
Click on Policy management under Cloud apps
In the policy, use the following conditions
In the activities matching section, use the following filters and set the Alert to send an email.
About Defender for Cloud Apps
Microsoft Defender for Cloud Apps is a cloud-based security solution that helps organizations discover, classify, and secure sensitive data across cloud apps and services. It provides granular visibility and control over cloud app usage, data sharing, and user activity.
The solution includes a range of features such as cloud app discovery, activity monitoring, data loss prevention, and conditional access. It also integrates with other Microsoft security solutions, such as Azure Active Directory and Microsoft Defender for Office 365.
With Cloud App Security, organizations can protect sensitive data and meet compliance requirements while enabling users to securely access the cloud apps they need to do their work.