Sep 04 2023 03:55 AM - edited Sep 04 2023 07:26 AM
We have deployed ~20 endpoints via MS Intune.
Microsoft Defender for Endpoint Plan 1 and Microsoft Defender for Business licenses.
Several policies in Intune for file/folder exclusions and scan settings.
We have tested our deployment via standard PS and EICAR as mentioned in MS documentation.
All these alerts were shown in Incidents & Notifications in MS 365 Defender admin center.
However, sometimes our users complain about the appearance of such notifications in the system tray (in this case they are false positives), which are then not displayed in the MS 365 Defender admin center.
Alert service settings in the MS 365 Defender settings were left as "High-impact alerts only (Default)".