You have a Microsoft 365 E5 subscription that contains a user named User1 and a Microsoft SharePoint Online site named Site1.
You create the alert policy shown in the following exhibit.
To Site1, User1 uploads the files shown in the following table.
How many alerts will be generated in response to the file uploads?
The alert policy is set to trigger an alert when a file with a .docx extension is uploaded. The policy is configured to aggregate alerts within a one-minute interval. User1 uploads the following files with a .docx extension: File1 at 8:00:00, File2 at 8:00:40, File4 at 8:04:50, and File5 at 8:05:10. File3 (.xlsx) is not considered since it does not match the condition specified in the policy. Since File1 and File2 are within one minute of each other, they will generate one alert. Similarly, File4 and File5 are within one minute of each other, so they will generate a second alert. Therefore, a total of 2 alerts will be generated.
Subscription Aggregation interval ****Office 365 or Microsoft 365 E5/G5 1 minute**** Defender for Office 365 Plan 2 1 minute E5 Compliance add-on or E5 Discovery and Audit add-on 1 minute Office 365 or Microsoft 365 E1/F1/G1 or E3/F3/G3 15 minutes Defender for Office 365 Plan 1 or Exchange Online Protection 15 minutes file 1 and 2 are 40 seconds apart = 1 alert file 4 and 5 are 30 seconds apart = 1 alert
When triggered alerts are within 5 mins then I think the answer should be 2. Because: File1.docx, File2.docx and File4.docx are in a range of 5 mins = 1 File3.xlsx ist not triggered File5.docx ist triggered at 08:05:10 and this is out of the initial triggered alert at 08:00:00 = +1 So I think the answer is B = 2
When one event occurs which matches a policy, an alert is generated and displayed on the Alerts page and a notification is sent. If another event matching the same policy occurs within one minute of the first event, then Compliance Manager adds details about the additional event on the Events log tab of the existing alert instead of triggering a new alert. The goal of alert aggregation is to help reduce alert "fatigue" and let you focus and take action on fewer alerts. Taken from: https://learn.microsoft.com/en-us/purview/compliance-manager-alert-policies#alert-aggregation-for-multiple-events-within-one-minute By this logic, 2 alerts generated. The .xlsx will not generate an alert as it is not in scope of the policy.
There is interval of 1 minute for alert aggregation. https://learn.microsoft.com/en-us/purview/compliance-manager-alert-policies#alert-aggregation-for-multiple-events-within-one-minute Additionally, the XLSX file is filtered out.
Answer is 1. As the alert triggered within 5 mins will be consolidated in a single alert.
When triggered alerts are within 5 mins then I think the answer should be 2. Because: File1.docx, File2.docx and File4.docx are in a range of 5 mins = 1 File3.xlsx ist not triggered File5.docx ist triggered at 08:05:10 and this is out of the initial triggered alert at 08:00:00 = +1 So I think the answer is B = 2
D is the correct answer.
4 alerts, 1 for each file
But we have 5 files. Please, Can you explain.
Sorry, I've got it. Filter is for .docx files.