Blog Post

Microsoft Defender XDR Blog
4 MIN READ

Identity Protection alerts now available in Microsoft 365 Defender

Idan_Pelleg's avatar
Idan_Pelleg
Icon for Microsoft rankMicrosoft
Oct 25, 2022
Azure Active Directory (Azure AD) Identity Protection alerts are now part of Microsoft 365 Defender.   Identity compromise is a pivotal component in any successful attack. By taking control over ...
Updated Oct 29, 2024
Version 8.0
cloud applications
incident management
microsoft defender for cloud apps
microsoft defender for identity
xdr
Kevin_Crouch's avatar
Kevin_Crouch
Brass Contributor
Jun 01, 2023

Is there any way that we can check the alerts set up to send to our helpdesk, so it can start our ticketing process? 

The best I have found so far is manually opening these for every separate customer to try and setup the settings

So starting from https://securitycenter.microsoft.com for each customer, going to Settings, and following the mentioned path, or navigating to the URL on the right in turn with each customer tenantID filled in

Incident NotifsM365 Defender > Email Notifs > Incidentshttps://security.microsoft.com/securitysettings/defender/email_notifications?emailNotificationRuleType=incidents&tid=<EachCustomerTenantID>
ActionsM365 Defender > Email Notifs > Actionshttps://security.microsoft.com/securitysettings/defender/email_notifications?emailNotificationRuleType=actions&tid=<EachCustomerTenantID>
Threat AnalyticsM365 Defender > Email Notifs > Threat Analyticshttps://security.microsoft.com/securitysettings/defender/email_notifications?emailNotificationRuleType=threat_analytics&tid=<EachCustomerTenantID>
Alert Tuning/SuppressionM365 Defender > Alert Tuninghttps://security.microsoft.com/securitysettings/defender/alert_suppression?tid=<EachCustomerTenantID>
Endpoint AlertsEndpoints > Email Notifications > Alertshttps://security.microsoft.com/securitysettings/endpoints/email_notifications?childviewid=alerts&tid=<EachCustomerTenantID>
Endpoint VulnerabilitiesEndpoints > Email Notifications > Vulnerabilitieshttps://security.microsoft.com/securitysettings/endpoints/email_notifications?childviewid=vulnerabilities&tid=<EachCustomerTenantID>
Identity Health NotifsMicrosoft Defender for Identity > Health Issueshttps://security.microsoft.com/settings/identities?tabid=healthIssuesNotifications&tid=<EachCustomerTenantID>
Identity AlertsMicrosoft Defender for Identity > Alerthttps://security.microsoft.com/settings/identities?tabid=securityAlertsNotifications&tid=<EachCustomerTenantID>

 

I can't find any place in any of the APIs for Defender that I can query or set them up with