Add Alert

CIPP offers a set of scheduled, recurring alert checks. Some of these duplicate Microsoft Alerts functionality in a more MSP-friendly manner and some are not available as a Microsoft Alert at this time. Similar to Standards & Drift, you configure alerts using the wizard to select one or more tenants or -All Tenants- to apply alerts globally, then select from the list of available alerts.

Alert Types

Within CIPP, there are two types of alerts:

• Audit Log Alert - These alerts are based on Microsoft audit logs.

• Scripted CIPP Alert - These alerts have been developed by CIPP to pull from sources other than the audit logs.

Alert Timing

• Audit Log Alerts - Processed in near real-time, but a small delay of up to 15 minutes is normal.

• Scripted CIPP Alerts - Each alert comes with a default value suggested by the CIPP team, but you can adjust it as needed. The available timings are:

  • 365 days / 1 year

  • 30 days / 1 month

  • 7 days / 1 week

  • 1 day

  • 4 hours

  • 1 hour

  • 30 minutes

Notification Settings

Custom Subject

This section will allow you to override the default notification subject with your own custom text. The custom notification will be prefixed with the tenant default domain name.

Actions to take

• Webhook - This will deliver a JSON payload to the webhook configured in Notifications.

• PSA - This will deliver a formatted payload to the configured PSA in Notifications.

• Email - This will deliver an HTML-formatted table to the email address provided in Notifications.

Alert Comment

This text block can include any custom information that you want to include with the alert. You can include helpful links, custom instructions, etc. Variable replacement is supported, eg %tenantname%.

Setting Up an Audit Log Alert

Setting Up A CIPP Scripted Alert

Available Alerts

You can review the available alerts embedded below or navigate to https://resources.cipp.app/?tab=alerts.

Feature Requests / Ideas

We value your feedback and ideas. Please raise any feature requests on GitHub.