Alerts SHOULD be sent to a monitored address or incorporated into a security information and event management (SIEM) system.

Why This Matters

Without proper alert routing, critical security events in your Microsoft 365 environment can go unnoticed. An unmonitored alert queue means you may miss indicators of compromise, unauthorized access attempts, or policy violations, leaving your organization vulnerable to extended attack timelines.

What Aether365 Checks

Aether365 verifies that your Microsoft 365 alerts are configured to forward to a monitored email address or to a Security Information and Event Management (SIEM) system. This check appears in the Aether365 dashboard under the microsoft-365 service checks.