From 414a24535c238b6328d4e228c551252f5784257d Mon Sep 17 00:00:00 2001 From: Yoni Heiblum Date: Sun, 6 May 2018 13:28:10 +0000 Subject: [PATCH] Updated configure-email-notifications-windows-defender-advanced-threat-protection.md --- ...cations-windows-defender-advanced-threat-protection.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md index c182936b37..42cf9bf182 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -30,11 +30,13 @@ ms.date: 05/01/2018 You can configure Windows Defender ATP to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity. > [!NOTE] -> Only users with full access can configure email notifications. If you've chosen to use role-based access control (RBAC), users with Security Administrator or Global Administrator roles can configure email notifications. +> Only users with 'Manage security settings' permissions can configure email notifications. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications. You can set the alert severity levels that trigger notifications. You can also add or remove recipients of the email notification. New recipients get notified about alerts encountered after they are added. For more information about alerts, see [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md). -If you're using role-based access control (RBAC), recipients will only receive notifications based on the machine group that they are a part of. +If you're using role-based access control (RBAC), recipients will only receive notifications based on the machine groups that were configured in the notification rule. +Users with the proper permission can only create, edit, or delete notifications that are limited to their machine group management scope. +Only users assigned to the Global administrator role can manage notification rules that are configured for all machine groups. The email notification includes basic information about the alert and a link to the portal where you can do further investigation. @@ -49,7 +51,7 @@ You can create rules that determine the machines and alert severities to send em 3. Specify the General information: - **Rule name** - - **Machines** - Choose whether to notify recipients for all alerts on all machines or on selected machine group. If you choose to only send on a selected machine group, make sure that the machine group has been created. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md). + - **Machines** - Choose whether to notify recipients for alerts on all machines (Global administrator role only) or on selected machine groups. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md). - **Alert severity** - Choose the alert severity level 4. Click **Next**.