In this article:

• Objective

• Prerequisites

• Steps to follow

• Validation and confirmation

• Tips

• Related topics and articles

 Objective   

This article explains how to configure an alert in ManageEngine ADAudit Plus to notify administrators whenever a policy in Microsoft Intune is modified. This alert setting helps enhance visibility into changes to device or configuration policies, ensures accountability, and supports compliance with organizational security and change management practices.

 Prerequisites   

• Access to the ADAudit Plus web console.

• To configure Cloud Directory alerts, the logged-in user must have either an administrator role or at least a technician role with delegated permissions.

• Ensure that the Azure AD Audit module is properly configured and licensed in ADAudit Plus.

• Confirm that audit log collection is active and healthy, and that the status related to Intune is successful.

• To receive alert notifications via email from ADAudit Plus, ensure the SMTP settings are configured under Admin > General Settings > Server Settings.

 Steps to follow 

1. Log in to the ADAudit Plus web console as an administrator or with a technician account with delegated permissions to create or modify alerts.

2. Navigate to the Alerts tab.

3. Click New Alert Profile in the top-right corner.

4. Enter a relevant Name and a brief Description.
   (Example: "Alert – Intune Policy Modification: Device Compliance Policy")

5. Click the + symbol next to Report Profiles.

6. Select the appropriate Cloud Account from the Domain drop-down.

7. Select Microsoft Intune as the report profile.

8. You can tailor the Alert Message to suit your specific requirements.

9. Additionally, the Advanced Configuration options allow you to customize alerts based on thresholds, business hours, and advanced filtering criteria.

10. Enable Filter.

11. Set the filter to:

1. Attribute: TARGETS NAME

2. Operator: EQUALS

3. Value: Name of the specific Intune policy to monitor (e.g., "Device Compliance Policy - iOS")

12. In the Alert Actions section, enable E-mail Notification.

13. Enter the recipient email addresses where the alert should be delivered.

14. Provide a clear and relevant subject line for the email notification.

15. Select the preferred format for the alert email, either HTML or Plain Text.

16. Select the details you would like to include in the email, such as:

• Alert Message

• Alert Profile Name

• Event Details

17. Enable the Throttle Notification option to suppress multiple alerts into a single notification based on defined criteria.
    Example: If multiple logon failures are detected from the same user within 15 minutes, consolidate them into one alert after that time window.

18. If SMS provider settings are already configured in ADAudit Plus (Admin > General Settings > Server Settings > SMS), enable SMS Notifications for real-time updates.

19. Enable the Execute Script option to trigger a script automatically when a specific alert is generated.
    Example: Lock a user account temporarily after detecting 10 consecutive logon failures from that account.

20. If a ticketing tool is integrated with ADAudit Plus (Admin > Configuration > Ticketing system Integration), enable Configure Auto Ticketing to automatically generate tickets for alerts.

Note: You can also use Throttle Ticket Generation to avoid creating a ticket for every alert and instead generate one for a group of alerts meeting certain conditions.

21. Click Save to activate the alert profile.

 Validation and confirmation 

• Modify the specified Intune policy in the Microsoft admin center

• Go to Alerts > Expand Cloud account, under Profile-based alerts.

• Choose the Alert profile that was created, then view those alerts in the ADAudit Plus console.

• Verify that the alert appears with the correct policy name, modifying user, and timestamp.

• Verify that the alert appears with the correct event details.

• Ensure the alert email is received at the specified address.

 Tips 

• Use relevant names and descriptions for alert profiles (e.g., “Intune Policy Modification: Device Compliance Policy”) for easy identification and maintenance.

• Monitor high-impact policies.

 Related topics and articles 

• How to create an alert to notify when a member is removed from any role.

• How to create an alert for member additions to any Azure AD role in ADAudit Plus