Office365 Securlet fails to generate alerts for Policies relating to document exposures. Other attributes such as recipient or sender can be specified; however, the underlying issue pertains to Exposure type.
• By default for Office 365, policy alerts are generated only in case of violation detection.
• Customers can have a data exposure CASB policy without any violation rule selected.
• Currently alerts are missing for such non-risk policies.
• The 'Post Eval Param' feature is not currently enabled for all tenants by default; however, a request can be submitted by Support on your behalf.
• Engineering's answer to why the feature isn't enabled for all tenants by default is that a planned rollout is being considered. This is to help mitigate the potential impact/slowdown of related services in the CloudSOC operating environment.