Forum Discussion
upgraded from P1 to P2... how do I configure this?
Hi, in fact, configuring notifications and automation levels in Defender 365 P2 goes through the Security portal and often refers to XDR, even if you don't use it directly. To manage notifications and approvals, look in M365 Defender's settings (email & collaboration > policies & rules > threat policies) for the section on automated investigation: from there you can set the level of automation, who receives critical alerts, and whether certain actions (e.g., removing phishing email from all boxes) can take place without approval. Unfortunately, the interface can be confusing, but it is all handled by these policies.
Hi micheleariis, thanks for the reply. Looking through the settings you listed, email & collaboration > policies & rules > threat policies doesn't have anything about automated investigation. If I go to settings > Defender XDR, (below img) there ARE some AIR-related settings, but the only ones relevant to me would be simple notification settings. We don't use device groups or Defender Endpoint. Really my concern is making sure the 'automation' P2 brings doesn't INCREASE workflow. Just looking at the Threat Policies - I don't see anything here that didn't exist already with P1.
THIS - 'whether certain actions (e.g., removing phishing email from all boxes) can take place without approval.' for example, is something I would like to configure. But I just don't see this anywhere
