Purview Alert Policy Modification Procedure

This admin procedure will provide background information on modifying an existing custom alert policy.

Alert Policies

An alert policy is a set of rules and conditions that define the user or admin activity that generates an alert, a list of users who trigger the alert if they perform the activity, and a threshold that defines how many times the activity has to occur before an alert is triggered.

Procedure Scope: Administrators

Required Group Membership: Admin.Compliance

Modifying an Alert Policy

1. Navigate to Alert Policies – Purview, locate the policy you wish to alter. A new window will generate, select Edit Policy to begin the modification process.
   
2. Upon opening the policy, all the information of the label will be displayed. 3 points of interest will be available to Edit. You can modify the sections as needed.
   1. Description: Adjusts functional items such as policy deployment status, alert severity definition, and alert category assignment. Along with non-functional items such as the Description which should outline the purpose of the policy.
      
   2. Settings: Specifies the activity that causes the generation of the alert. The initial condition set cannot be removed; however, you can adjust any underlying parameters for the activity being monitored.
      
   3. Notifications: Specifies users or administrators that will be notified of the event that matched the conditions of the policy.
      
3. Once your desired section has been modified, select Save to finalize the modification process.
   

You're Finished!