Get email notifications on new incidents from Microsoft 365 Defender

Published 12-23-2020 07:01 AM
Microsoft

A new Microsoft 365 Defender feature now lets you receive notification emails directly in your mailbox for each new incident or incident update, helping you stay on top of the incident queue.

Get notifications based on incident severity or by device group. You can also choose to only be notified on the first update for each incident.

 
 
 
 
 
 


 

The notification email contains important details like the incident name, severity, and category.

 

This notification email enables you to review your incidents effectively, without requiring any trouble ticketing system or API integrations. It can be a big help in transitioning your security operations processes and leveraging the great efficiency improvements provided through the incident's alert correlation capabilities.

 

Once you get the notification, you can go directly to the incident and start your investigation right away. For more information on investigating incidents, see Investigate incidents in Microsoft 365 Defender.

 

If you are looking for more information on how to set up incident email notification in Microsoft 365 Defender, see the full instructions.

 

 

 

 

5 Comments
Senior Member

:cool:

Great feature! Can I specifically get e-mail notifications for iOS & Android devices only? Or is this just security group based? 

Respected Contributor

It seems like there are many different places to configure notifications. i.e., the M365 Message Center and Service Health have places, Azure AD has one, Compliance center does and I'm sure that there are some others that I'm not remembering. Where can we find a comprehensive listing of these? How do we ensure that the values are updated when admin changes are made? Governing this can be a challenge; does anyone have any suggestions?

Microsoft

@JoseSetienMDM you can set device groups in Defender for Endpoint and choose to get only these notifications as emails.

Senior Member

Great feature!

New Contributor

@Idan_Pelleg Great post which is linked at https://techcommunity.microsoft.com/t5/microsoft-365-defender/become-a-microsoft-365-defender-ninja/... (Module 3. Investigation – Incident).

 

Unfortunately, the link above to see the full instructions (https://docs.microsoft.com/en-us/microsoft-365/security/mtp/get-incident-notifications?view=o365-wor...) no longer works.

 

Can you change the link and replace it with this one? https://docs.microsoft.com/en-us/microsoft-365/security/defender/get-incident-notifications?view=o36...

 

Thanks,

Andre
