What it is
Overe can now include extended alert details directly in anomaly detection email notifications. When enabled, emails will contain additional context from the alert — including the specific details and enrichment data that triggered the detection — so you can assess the situation without needing to log into the portal first.
This feature is opt-in and disabled by default. You control it at the notification rule level.
How to enable it
Go to Settings and open the Notification Rules section for the relevant organisation or site.
Select the notification rule you want to update.
Look for the Alert Details setting within the rule configuration.
Toggle it on to include extended alert information in emails sent by that rule.
Save your changes.
The setting can be configured independently for each notification rule, giving you control over which alerts include the additional detail and which do not.
What is included
When alert details are enabled for a rule, email notifications will include:
Alert details — the specific data points that triggered the anomaly detection event
Enrichment data — additional context gathered alongside the detection, such as user or device information relevant to the alert
Why it matters
Previously, anomaly detection emails contained only a high-level summary, requiring recipients to log into Overe to begin any triage. With this change, your team can assess the nature of an alert directly from the notification, enabling faster response without an extra login step.
This is particularly useful for teams routing Overe alerts into shared inboxes or PSA ticketing systems, where immediate context helps with prioritisation and assignment.
Security note
Because alert details can include sensitive information about your Microsoft 365 environment, this setting is off by default. Only enable it for notification rules where the recipient list is appropriate for receiving that level of detail. If you use a shared or forwarded inbox for alerts, review who has access before turning this on.
