Create M365 / Entra ID Alert Profile


This guide will walk you through the process of creating a new Alert Profile to monitor your Azure Active Directory (Azure AD/Entra ID) / Office 365 environment for specific security events.

Before creating an Alert Profile, please note that the maximum number of active profiles is determined by your company’s subscription level. This limit applies strictly to enabled profiles; you may create and save additional profiles in a disabled state for future use without affecting your quota.

Furthermore, these limits are environment-specific: active profiles in Active Directory (AD) and Azure AD are tracked and capped independently. Reaching the limit in one environment does not prevent you from activating profiles in the other.

Step 1: Navigate to Alert Profiles

Figure 1 – Navigation to the “Create Alert Profile” form


  1. Select the “Office 365 / Entra ID” section of the portal.
  2. From the main menu of the InfraSOS portal, navigate to the Alerting section.
  3. Select the Alert Profiles tab to view your existing profiles for cloud tenants.
  4. Click the "+ Create Alert Profile" button to start the configuration process.

Step 2: Select the Azure Tenant

Figure 2 – Azure Tenant selection


First, you need to choose which of your connected Azure/Entra tenants this alert profile will monitor. Select the desired tenant from the dropdown list. The profile will only track activities within this specific tenant.

Step 3: Choose an Alert Policy

Figure 3 – Alert Policy Configuration


Next, you must select an Alert Policy. The policy is the core of your alert profile – it defines the specific activity that you want to be notified about.

You will be presented with a list of predefined policies to choose from, such as:

  • Elevation of administrative privilege: Creates an alert when a user, group or service principal gets added to any of the administrative roles in Entra ID.
  • Risky Sign-in Detected: Creates an alert if a risky sign-in is detected for a user in the organization.
  • ...and many more security and compliance-related events. Read more about Entra ID Alert Policies here.

Step 4: Define Profile Details

Figure 4 – Alert Profile details


Now, fill in the basic identification details for your new alert profile:

  • Profile Name: Give your profile a clear and descriptive name (e.g., "Critical: Risky Sign-ins for Admin Accounts").
  • Description (Optional): Add a brief explanation of the profile's purpose for future reference.
  • Severity Level: Assign a severity (e.g., Review, Attention, Critical). This helps you categorize, filter, and prioritize alerts during incident response.
  • Labels (Optional): Assign up to 10 labels to your alert profile to help you organize and filter your active alerts produced by the alert profile. Learn more about labels.

Step 5: Set Targeting Options (if applicable)

For certain policies, you can narrow the alert's scope to specific users or groups. If the policy you selected in Step 3 supports this, you will see options for:

  • Target Users: Apply this alert only to a specific list of user accounts.
  • Target Groups: Apply this alert only to members of specific Azure AD groups.

Read more about Entra ID Alert Policies filters.

Step 6: Configure Notifications

Figure 5 – Notification settings that send emails for every event that has happened outside the defined business hours


Define who should be notified about an alert and how:

  • Recipients: Add the email addresses of one or more users or distribution lists that should receive the alert notifications.
  • Notification Frequency: Choose how often emails should be sent.
  • Business Hours Rule: Choose which active alerts trigger notifications based on your company's schedule.

Read more about Alert Profile notifications here.

Step 7: Save the Profile

Once you have configured all the settings, review them one last time to ensure they are correct. Click "Save Alert Profile" to finalize the process.

Your new M365 / Entra ID alert profile is now created, but not yet active.

Step 8: Activate the Profile

Figure 6 – Alert Profile activation


Find the newly created alert profile in the Alert Profiles table and activate it by toggling the “Status” button.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us