This Is a KB to talk about how to monitor group deletions
Here is an article from Microsoft that goes into detail on how to create alert policy
One policy that can be created is one to monitor when a team is deleted so that it can be recovered within a 30 day window.
Below are some steps you can take to create an alert policy through the Office 365 Compliance center.
Setting up Alerts
The only option right now to prevent data loss is to set up alerts. This way you will get a notification when a Team is deleted, and by who, allowing you to act before the 30-day retention is passed.
To set up the Alerts we are going to create an Activity Alert. This option is a bit hard to find in the Security and Compliance Center.
- Log in to protection.office.com
- Expand Alerts and click on Alert Policies
- Click on Activity Alerts. If you don’t see that option then open the following URL: https://security.microsoft.com/managealerts
- Make sure that auditing is turned on. If you don’t see the alert, then it’s on. Otherwise, enable it and refresh the page
- Create a New alert Policy
- Give the policy a name and description. The name of the policy will also show up in the subject of the email.
- Under activities, select Deleted Team and leave users blank so the alert will work for all users
- Select the name of the people who you would like to have receive the alert under Send this alert to so you receive an mail when the Team is deleted.