Why is information about such blocking not visible in the Incidents & Notifications tab?

We have deployed ~20 endpoints via MS Intune.

Microsoft Defender for Endpoint Plan 1 and Microsoft Defender for Business licenses.

Several policies in Intune for file/folder exclusions and scan settings.

We have tested our deployment via standard PS and EICAR as mentioned in MS documentation.

All these alerts were shown in Incidents & Notifications in MS 365 Defender admin center.

However, sometimes our users complain about the appearance of such notifications in the system tray (in this case they are false positives), which are then not displayed in the MS 365 Defender admin center.

The alert service setting in the MS 365 Defender settings was left as "High-impact alerts only (Default)".
