Alerts Wizard

Manage scheduled tenant alerts.

CIPP offers a set of scheduled, recurring alert checks. Some of these duplicate Microsoft Alerts functionality in a more MSP-friendly manner, some are not available as a Microsoft Alert at this time.

Within CIPP, there are two types of alerts.

  • Tenant Administration > Administration > Classic Alerts

  • Tenant Administration > Administration > Alert Rules

Similar to Tenant Standards, you configure alerts using the wizard to select one or more tenants or -All Tenants- to apply alerts globally, then select from the list of available alerts.

Alert email delivers to the email address or webhook provided in CIPP settings. Alerts are delivered as an HTML-formatted table. Alerts fire once per incident - for example, a full mailbox does not fire an alert every time it's checked).

Classic Alert scans run every hour

Available Alerts

  • Alert on users without any form of MFA

  • Alert on admins without any form of MFA

  • Alert on tenants without a Conditional Access policy, while having Conditional Access licensing available

  • Alert on new users added to any admin role

  • Alert on changed admin Passwords

  • Alert if Defender is not running (Tenant must be on-boarded in Lighthouse)

  • Alert on Defender Malware found (Tenant must be on-boarded in Lighthouse)

  • Alert on 90% mailbox quota used

  • Alert on unused licenses

  • Alert on expiring application secrets

  • Alert on expiring APN certificates

  • Alert on expiring VPP tokens

  • Alert on expiring DEP tokens

Feature Requests / Ideas

Please raise any feature requests on GitHub.

Last updated