Forum Discussion
Tobias_Moe
Mar 13, 2024Copper Contributor
Removing old M365 Defender incident email notification
Hi,
Does anyone know where I can turn off the old M365 Defender incident email notifications? A while back I setup alerting for High incidents using this, but I cannot find that same notification rule anymore to remove it. I have checked Defender XDR Email notifications view, but the old rule from M365 dosent exists there. And I know it exists, because my new email notification rule in Defender XDR is set to email me for Medium and High alerts, but for all High alert I am getting duplicate notifications.
- Joe HahnCopper ContributorTobias,
On the Defender Home page expand the Email & collaboration heading, click Policies & rules, then click Alert Policy. If you dont see what your looking for try double checking in your Exchange Admin Center: Home > Mail flow > Alert Policies. Let me know if this helps.- Tobias_MoeCopper ContributorHi Joe, thank you for the reply. I did check those places mentioned by you but did not find a solution to my issue.
Back when it was M365 Defender, I setup an alert in Defender dashboard to email me about High severity incidents from Defender. When M365 Defender changed in Defender XDR, it changed the placement for configuring email notifications for Defender alerts, and after setting up the new way I am still getting duplicate emails. One for the old M365 Defender email notification, and one for the Defender XDR one.
- DylanInfosecBrass ContributorHi Tobias,
I remember that screen and it definitely did move didn’t it.
On the XDR portal have you tried scrolling down to Settings > Microsoft Defender XDR > Email Notifications? It should be right there under General.
This is also where you get the Threat Analytics reports in the 3rd tab. And the menu below that is the Alert Service settings for the other Defender for Cloud and Entra ID Protection alerts.
Best,
Dylan- Tobias_MoeCopper ContributorHello! Thank you for the response Dylan, and apologies for the delayed response from my side.
The Email Notifications under Settings -> Defender XDR is where I setup the new email notification. Changing this has no effect on the old email configuration. I am still getting duplicate alerts, and I have noticed that some of my customers are also experiencing the same problem.
I think MS have removed the old email configuration page, but somehow forgot to remove the rules itself?