I’ve previously covered off how to create a new Protection Alert in Office 365 using the web interface:
Setting an alert for file download in Office 365
I’d also tried doing this via PowerShell but ran into some issues:
I’m puzzled by New-ProtectionAlert
Luckily, after some chasing down, I have learned that I overlooked an important option in my scripting. It seems the option:
-AggregationType None
needs to be included. This tells the script to only create a single alert at a time. Thus, to create a Protection Alert that will notify you of malware in a file in OneDrive for Business or SharePoint, you need to run:
New-ProtectionAlert -Category $category -Name "Detected malware in files" -ThreatType Activity -NotifyUser "user@domain.com" -Operation FileMalwareDetected -AggregationType None -Severity High
You’ll first need to connect to the Security & Compliance Center with PowerShell before you can run this command.
If you then look at the Alert Policies you should see the above.
Interestingly, when you look at the activity that will trigger the alert you see the above, which doesn’t provide you any indication of what the activity for the alert actually is. You will also notice that I can’t edit the activity or much else on the alert once it has been created via PowerShell.
However, I do know that setting Protection Alerts via PowerShell does work, so I’m happy that I can bulk add alerts via a script. I just needed that one option.
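One way to bulk add alerts with that option, as an added example and not the author's own script. It assumes the ExchangeOnlineManagement module's Connect-IPPSSession for the connection, ThreatManagement as the category, and FileDownloaded as a second operation; the admin and notification addresses are placeholders.

```powershell
# Added example: bulk-create activity alerts, each with -AggregationType None.
# Assumptions: the ExchangeOnlineManagement module is installed; the addresses,
# the ThreatManagement category and the FileDownloaded entry are illustrative.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName 'admin@domain.com'   # placeholder account

$notify = 'user@domain.com'                                 # placeholder recipient

# One entry per alert policy to create.
$alerts = @(
    @{ Name = 'Detected malware in files'; Operation = 'FileMalwareDetected'; Severity = 'High' }
    @{ Name = 'File downloaded';           Operation = 'FileDownloaded';      Severity = 'Low'  }
)
$names = $alerts | ForEach-Object { $_.Name }

# Names already present in the tenant, so a re-run skips them instead of failing.
$existing = @(Get-ProtectionAlert | Select-Object -ExpandProperty Name)

foreach ($a in $alerts) {
    if ($existing -contains $a.Name) {
        Write-Host "Skipping '$($a.Name)': already exists"
        continue
    }
    $params = @{
        Name            = $a.Name
        Category        = 'ThreatManagement'
        ThreatType      = 'Activity'
        Operation       = $a.Operation
        NotifyUser      = $notify
        AggregationType = 'None'      # the option the post identifies as required
        Severity        = $a.Severity
        ErrorAction     = 'Stop'
    }
    try {
        New-ProtectionAlert @params | Out-Null
        Write-Host "Created '$($a.Name)'"
    }
    catch {
        Write-Warning "Failed to create '$($a.Name)': $($_.Exception.Message)"
    }
}

# The portal does not show the activity for these alerts, so read it back here.
Get-ProtectionAlert |
    Where-Object { $names -contains $_.Name } |
    Format-List Name, Severity, AggregationType, Operation, NotifyUser
```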