Data Security starts scanning files and matching them against enabled user activity rules as soon as you save a new policy or modify an existing policy. The default action is to generate a log when a policy violation occurs but if you enabled email alerts for high-risk issues, you will also receive an automatic email notification. To view policy violations for user activities, select ManageConfigurationSaaS SecurityData SecurityIncidentsUser Activity Incidents. If no known violations for user activity policies display, consider that activity monitoring for some cloud apps depends on user activity requirements.