Manage scheduled tenant alerts.
CIPP offers a set of scheduled, recurring alert checks. Some of these duplicate Microsoft Alerts functionality in a more MSP-friendly manner, some are not available as a Microsoft Alert at this time.
Within CIPP, manage Tenant Alerts in two menu areas:
- Tenant Administration > Administration > Alerts Wizard
- Tenant Administration > Administration > List Scheduled Alerts
Alert email delivers to the email address or webhook provided in CIPP settings. Alerts are delivered as an HTML-formatted table. Alerts fire once per incident - for example, a full mailbox does not fire an alert every time it's checked).
Alert scans run every 15 minutes.
- Alert on users without any form of MFA
- Alert on admins without any form of MFA
- Alert on tenants without a Conditional Access policy, while having Conditional Access licensing available
- Alert on new users added to any admin role
- Alert on changed admin Passwords
- Alert if Defender is not running (Tenant must be on-boarded in Lighthouse)
- Alert on Defender Malware found (Tenant must be on-boarded in Lighthouse)
- Alert on 90% mailbox quota used
- Alert on unused licenses
- Alert on expiring application secrets
- Alert on expiring APN certificates
- Alert on expiring VPP tokens
- Alert on expiring DEP tokens
Webhook Alerts are alerts that are pushed into CIPP by external resouirces, such as the Microsoft Audit log, or Microsoft Graph Subscriptions. CIPP receives these alerts and processes them by adding information or executing remediation tasks.
Webhook Alerts can be shipped to a PSA, Email, or sent to another webhook system to allow processing.
Webhook Alerts cannot be shipped to Slack, Discord, or Teams via CIPP, as these products do not support receiving raw json information webhooks.
The following APIs are called on this page: