Blog Post

Microsoft Defender XDR Blog
1 MIN READ

Get email notifications on new incidents from Microsoft 365 Defender

Idan_Pelleg's avatar
Idan_Pelleg
Icon for Microsoft rankMicrosoft
Dec 23, 2020

A new Microsoft 365 Defender feature now lets you receive notification emails directly to your mailbox for each new incident or incident update, this will help you to stay on top of the incident queue.

Get notifications based on incident severity or by device group. You can also choose to only be notified on the first update for each incident.

 
 
 
 
 
 

 

The notification email contains important details like the incident name, severity, and category.

 

This notification email enables you to review your incidents effectively, without requiring any trouble ticketing system or API integrations.  It can be a big help in transitioning your security operations processes and leveraging the great efficiency improvements provided through the incident's alert correlation capabilities

 

Once you get the notification, you can go directly to the incident and start your investigation right away. For more information on investigating incidents, see Investigate incidents in Microsoft 365 Defender.

 

If you are looking for more information on how to set up incident email notification in Microsoft 365 Defender, see the full instructions.

 

 

 

 

Updated Jul 03, 2022
Version 2.0
incident management

5 Comments

Sort By
  • amueller-tf's avatar
    amueller-tf
    Brass Contributor
    Jun 08, 2021

    Idan_PellegGreat post which is linked at https://techcommunity.microsoft.com/t5/microsoft-365-defender/become-a-microsoft-365-defender-ninja/ba-p/1789376 (Module 3. Investigation – Incident).

     

    Unfortuately, the link above to see the full instructions (https://docs.microsoft.com/en-us/microsoft-365/security/mtp/get-incident-notifications?view=o365-worldwide) does no longer work.

     

    Can you change the link and replace it with this one? https://docs.microsoft.com/en-us/microsoft-365/security/defender/get-incident-notifications?view=o365-worldwide

     

    Thanks,

    Andre

  • Dean_Gross's avatar
    Dean_Gross
    Silver Contributor
    Feb 07, 2021

    It seems like there are many different places in to configure notifications. i.e., the M365 Message Center and Service Health have places, Azure AD has one, Compliance center does and I'm sure that there are some others that I'm not remembering. Where can we find a comprehensive listing of these? How we ensure that the values are updated when admin changes are made? Governing this can be a challenge, does anyone have any suggestions?  

  • JoseSetienMDM's avatar
    JoseSetienMDM
    Iron Contributor
    Jan 04, 2021

    :cool:

    Great feature! Can I specifically get e-mail notifications for iOS & Android devices only? Or is this just security group based?