When an end user violates a policy in OneDrive, a notification is generated based on the notification settings configured by you in the policy configurations.

This document explains where you can find notifications on policy violations and what actions can be taken.

Nightfall Violations Page

To view the Nightfall violations page:

1. Navigate to the Violations page in Nightfall.

2. Apply filters to view only OneDrive violations.

3. (Optional) To view historic alerts, set the date filter appropriately.

4. (Optional) Hover over a violation to view the severity of the violation (Likely, Very Likely). You can also check if a violation has active credentials.

5. Click on any Violation to view the details.

5. Click on any violation to view the exact data that caused the violation (highlighted in red). You can click Expand details to view further details.

For more information on Violations, see Violations.

Email Notifications

• If you have configured Email Notification in Admin Alerting, Nightfall admins receive the Email notification. This Email allows admins to take actions from within the Email.

• If you have configured Email Notification in the Automation section of End user notification settings, end users receive an email from Nightfall. This notification allows end users to take remedial actions from within the Email. The available remedial actions depend on the settings configured in the end user remediation section.