I'm trying to figure out if there's a way to set up alerts for new user creation in the Microsoft 365 Security Admin Center without paying extra for Azure alerts. It's important for our admins to receive notifications whenever a new user is created. I think Microsoft Defender used to have this feature, but I'm not sure if it's still available. Any insights?
3 Answers
Consider using AD Audit; it’s a powerful tool for tracking user activities in your environment. It can quickly help identify who has done what regarding user management. You can find more info here: [ManageEngine](https://www.manageengine.com/products/active-directory-audit/)
To get alerts on new user creation, you'll need to set up audit policies through Group Policy. Then, you can use a SIEM system, PowerShell, or even third-party monitoring tools to capture and get alerts for specific event IDs related to user creation.
Currently, there isn't a native method for getting alerts specifically for new user creation in Microsoft 365. However, a useful workaround is to run a PowerShell script daily to track new users, including information on who created them and when. You can even set it up to automatically email the report after a few adjustments. Check this link for the script details: [o365reports.com](https://o365reports.com/2023/08/01/find-who-created-user-account-in-microsoft-365/)
Thanks for the script! Just to confirm with my admins, there isn't a way to set up a Defender alert for this at the moment, right?
Will I have access to this feature with Microsoft 365 Business Premium?