Compliance scans and reports run once a day. This means that if a new bit of infrastructure is spun up or modified that violates a compliance policy, an alert will fire at the time of the next compliance scan. In other words, there is potentially a max delay of 24 hours between an infrastructure change and an alert firing.

If you'd like, you can find and change when your tenant's compliance scan occurs by going to Settings > Configuration > General then scrolling down to the "Resource Management Collection Schedule" section. The scheduled time is in 24-hour format and set in the GMT time zone.