Setting Up Alert Channels

Connect email, Slack, Microsoft Teams, or webhooks and configure alert rules for your tenants.

1. Supported Channels

SPScan supports four types of alert channels: email, Slack, Microsoft Teams, and webhooks. Each channel type has its own configuration requirements and is suited to different workflows. You can create multiple channels of the same type and assign different alert rules to each one.

Email channels are the simplest to set up. You provide one or more email addresses and SPScan sends formatted HTML notifications when events match your alert rules. Slack channels use incoming webhook URLs to post messages to specific Slack channels in your workspace. Microsoft Teams channels work similarly, using Teams incoming webhook connectors to deliver alerts directly to a Teams channel.

Webhook channels are the most flexible option. SPScan sends a JSON POST request to any URL you specify, allowing you to integrate alerts with your own applications, ticketing systems, or automation workflows. The webhook payload includes the event type, affected tenant and site details, and the specific change that triggered the alert. See our Webhook Integration Guide for detailed payload documentation.

2. Creating an Alert Channel

To create an alert channel, navigate to the Alerts section from any tenant's sidebar and click on "Channels". Click the "Add Channel" button to open the creation form. Select the channel type from the dropdown and provide a descriptive name that helps you identify the channel's purpose, such as "Security Team Email" or "Client Notifications Slack".

For email channels, enter the recipient email addresses separated by commas. For Slack channels, you will need to create an incoming webhook in your Slack workspace first. Go to your Slack workspace settings, navigate to "Apps", search for "Incoming Webhooks", and create a new webhook for the channel where you want to receive alerts. Copy the webhook URL and paste it into SPScan.

For Microsoft Teams channels, the process is similar. Open the Teams channel where you want to receive alerts, click the three-dot menu, select "Connectors" (or "Workflows" in newer Teams versions), and add an "Incoming Webhook" connector. Copy the generated URL into SPScan. For webhook channels, simply enter the URL of your endpoint. SPScan will send a POST request with a JSON body to this URL for each matching event.

3. Configuring Alert Rules

Alert rules define which events trigger notifications and which channels should receive them. Navigate to the "Rules" tab in the Alerts section to manage your rules. Each rule consists of an event type, an optional tenant filter, and one or more target channels.

SPScan supports several event types including new external sharing links detected, anonymous access links created, permission inheritance broken, storage quota threshold exceeded, compliance score dropped below threshold, and new sites discovered. You can create rules for any combination of these events. For MSPs monitoring multiple tenants, you can scope rules to specific tenants so that client-specific alerts go to the right channels.

When creating a rule, choose the event type and severity level that matter to your workflow. High-severity events like anonymous sharing links are typically routed to immediate notification channels like Slack or Teams, while lower-severity events like storage usage changes might be better suited to email digests. You can assign multiple channels to a single rule to ensure critical events are seen by the right people.

4. Testing Your Alerts

After creating an alert channel, you should test it to verify that notifications are being delivered correctly. On the Channels page, each channel has a "Test" button that sends a sample notification through the configured channel. This allows you to confirm that email addresses are correct, webhook URLs are reachable, and Slack or Teams integrations are working.

The test notification includes a sample event payload that mirrors the format of real alerts. Review the notification to make sure it appears correctly in your email inbox, Slack channel, or Teams channel. If you are using a webhook channel, check that your endpoint receives the JSON payload and responds with a 2xx status code.
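A minimal receiving endpoint for a webhook channel, added here as an example and not taken from SPScan's own code or documentation. The path token, the size limit and the payload field names are assumptions; take the real field names from the Webhook Integration Guide.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions, not SPScan specifics: the path token, the size limit and the
# payload field names are placeholders chosen for this example.
SECRET_PATH = "/hooks/spscan/REPLACE-WITH-LONG-RANDOM-TOKEN"
MAX_BODY = 64 * 1024
REQUIRED_FIELDS = ("event_type", "tenant", "site", "change")  # hypothetical


def handle_delivery(path, content_type, body):
    """Validate one delivery and return (http_status, event_or_None)."""
    # Constant-time comparison of the unguessable path that was given to SPScan.
    if not hmac.compare_digest(path.encode(), SECRET_PATH.encode()):
        return 404, None
    if not content_type.lower().startswith("application/json"):
        return 415, None
    if len(body) > MAX_BODY:
        return 413, None
    try:
        event = json.loads(body)
    except ValueError:  # covers malformed JSON and undecodable bytes
        return 400, None
    if not isinstance(event, dict) or any(f not in event for f in REQUIRED_FIELDS):
        return 400, None
    return 204, event  # any 2xx marks the delivery as accepted


class Hook(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", ""))
        except ValueError:
            length = -1
        if not 0 <= length <= MAX_BODY:  # refuse before reading the body
            status, event = (411 if length < 0 else 413), None
        else:
            status, event = handle_delivery(
                self.path, self.headers.get("Content-Type", ""), self.rfile.read(length))
        if event is not None:
            # Log chosen fields only, then hand off to ticketing or automation.
            print("alert: %r %r" % (event["event_type"], event["tenant"]))
        self.send_response(status)
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Hook).serve_forever()
```

In production, put the listener behind TLS so the path token is not sent in clear text.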

If a test notification fails, SPScan will display an error message indicating what went wrong. Common issues include expired webhook URLs, incorrect email addresses, and network restrictions blocking outbound requests. The alert logs page shows a history of all sent and failed notifications, which is useful for diagnosing delivery issues.

5. Best Practices

We recommend organising your alert channels by concern rather than by tenant. For example, create a "Security Alerts" channel for high-severity permission changes and a "Storage Warnings" channel for capacity issues. This approach scales better as you add tenants because you can route events from all tenants through the same channels based on their type and severity.

Avoid creating too many alert rules that overlap, as this can lead to notification fatigue. Start with a small number of high-priority rules covering the most critical events, such as anonymous sharing links and external access changes. As you become comfortable with the alert volume, you can add rules for lower-priority events.
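An offline check for the overlap problem described above, using the rule shape from section 3 (event type, optional tenant filter, target channels). This is an added example, not SPScan functionality; the dict keys, event-type strings, tenant names and rule names are constructed for illustration.

```python
from itertools import combinations

# Constructed rule set. Keys and event-type strings are hypothetical; a tenant
# of None stands for a rule with no tenant filter (it matches every tenant).
RULES = [
    {"name": "anon-links-all", "event": "anonymous_link_created", "tenant": None,
     "channels": {"Security Alerts Slack"}},
    {"name": "anon-links-contoso", "event": "anonymous_link_created", "tenant": "contoso",
     "channels": {"Security Alerts Slack", "Client Notifications Email"}},
    {"name": "anon-links-fabrikam", "event": "anonymous_link_created", "tenant": "fabrikam",
     "channels": {"Client Notifications Email"}},
    {"name": "storage-all", "event": "storage_quota_exceeded", "tenant": None,
     "channels": {"Storage Warnings Email"}},
]


def find_overlaps(rules):
    """Rule pairs that match the same event and notify the same channel.

    Returns tuples of (rule_a, rule_b, tenant_scope, shared_channels).
    """
    overlaps = []
    for a, b in combinations(rules, 2):
        if a["event"] != b["event"]:
            continue
        # Two tenant-scoped rules only collide when they name the same tenant.
        if a["tenant"] and b["tenant"] and a["tenant"] != b["tenant"]:
            continue
        shared = a["channels"] & b["channels"]
        if shared:
            scope = a["tenant"] or b["tenant"] or "all tenants"
            overlaps.append((a["name"], b["name"], scope, sorted(shared)))
    return overlaps


def uncovered(rules, critical_events):
    """Critical event types that no rule routes to any channel."""
    routed = {r["event"] for r in rules if r["channels"]}
    return [e for e in critical_events if e not in routed]


if __name__ == "__main__":
    for a, b, scope, channels in find_overlaps(RULES):
        print(f"{a} and {b} both notify {channels} for {scope}")
    print("no rule for:", uncovered(RULES, ["anonymous_link_created",
                                            "external_sharing_link_detected"]))
```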

For MSPs, consider creating separate channels for internal team notifications and client-facing alerts. Your internal team might want detailed technical alerts through Slack, while clients might prefer a weekly email summary. SPScan's flexible channel and rule system supports both workflows without duplication.