mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 10:23:37 +00:00
removed automation notifications
This commit is contained in:
Joey Caparas
@ -93,7 +93,7 @@
|
||||
##### [Advanced hunting reference](windows-defender-atp\advanced-hunting-reference-windows-defender-advanced-threat-protection.md)
|
||||
##### [Advanced hunting query language best practices](windows-defender-atp\advanced-hunting-best-practices-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
### [Enable conditional access to better protect users, devices, and data](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md)
|
||||
#### [Enable conditional access to better protect users, devices, and data](windows-defender-atp\conditional-access-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
###API and SIEM support
|
||||
#### [Pull alerts to your SIEM tools](windows-defender-atp\configure-siem-windows-defender-advanced-threat-protection.md)
|
||||
@ -188,7 +188,6 @@
|
||||
####General
|
||||
##### [Update data retention settings](windows-defender-atp\data-retention-settings-windows-defender-advanced-threat-protection.md)
|
||||
##### [Configure alert notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md)
|
||||
##### [Configure automation notifications](windows-defender-atp\configure-automation-notifications-windows-defender-advanced-threat-protection.md)
|
||||
##### [Enable and create Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
|
||||
##### [Enable Secure score security controls](windows-defender-atp\enable-secure-score-windows-defender-advanced-threat-protection.md)
|
||||
##### [Configure advanced features](windows-defender-atp\advanced-features-windows-defender-advanced-threat-protection.md)
|
||||
|
||||
@ -68,16 +68,45 @@ The following example sequence of events explains conditional access in action:
|
||||
> You'll need a valid Intune license to enable conditional access.
|
||||
|
||||
You'll need to take the following steps to enable conditional access:
|
||||
- Step 1: Turn on the Microsoft Intune connection from the Windows Defender ATP portal
|
||||
- Step 2: Turn on the Windows Defender ATP integration in Intune
|
||||
- Step 3: Create the compliance policy in Intune
|
||||
- Step 4: Assign the policy
|
||||
- Step 5: Create an Azure AD conditional access policy
|
||||
|
||||
1. Turn on the Microsoft Intune connection. For more information, see [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md).
|
||||
|
||||
2. Turn on the Windows Defender ATP integration in Intune.
|
||||
|
||||
- Ensure that machines are enrolled. For more information see, [Set up enrollment for Windows devices](https://docs.microsoft.com/en-us/intune/windows-enroll).
|
||||
### Step 1: Turn on the Microsoft Intune connection
|
||||
1. In the navigation pane, select **Preferences setup** > **Advanced features**.
|
||||
2. Toggle the Micorosft Intune setting to **On**.
|
||||
3. Click **Save preferences**.
|
||||
|
||||
3. Create a device compliance policy in Intune.
|
||||
### Step 2: Turn on the Windows Defender ATP integration in Intune
|
||||
1. Sign in to the [Azure portal](https://portal.azure.com).
|
||||
2. Select **All services**, filter on **Intune**, and select **Microsoft Intune**.
|
||||
3.
|
||||
|
||||
|
||||
### Step 3: Create the compliance policy in Intune
|
||||
1. In the [Azure portal](https://portal.azure.com), select **All services**, filter on **Intune**, and select **Microsoft Intune**.
|
||||
2. Select **Device compliance** > **Policies** > **Create policy**.
|
||||
3. Enter a **Name** and **Description**.
|
||||
4. In **Platform**, select **Windows 10 and later**.
|
||||
5. In the **Device Health** settings, set **Require the device to be at or under the Device Threat Level** to your preferred level:
|
||||
|
||||
- **Secured**: This level is the most secure. The device cannot have any existing threats and still access company resources. If any threats are found, the device is evaluated as noncompliant.
|
||||
- **Low**: The device is compliant if only low-level threats exist. Devices with medium or high threat levels are not compliant.
|
||||
- **Medium**: The device is compliant if the threats found on the device are low or medium. If high-level threats are detected, the device is determined as noncompliant.
|
||||
- **High**: This level is the least secure, and allows all threat levels. So devices that with high, medium or low threat levels are considered compliant.
|
||||
|
||||
6. Select **OK**, and **Create** to save your changes (and create the policy).
|
||||
|
||||
### Step 4: D
|
||||
1. In the [Azure portal](https://portal.azure.com), select **All services**, filter on **Intune**, and select **Microsoft Intune**.
|
||||
2. Select **Device compliance** > **Policies**> select your Windows Defender ATP compliance policy.
|
||||
3. Select **Assignments**.
|
||||
4. Include or exclude your Azure AD groups to assign them the policy.
|
||||
5. To deploy the policy to the groups, select **Save**. The user devices targeted by the policy are evaluated for compliance.
|
||||
|
||||
4. Define a conditional access policy in AAD. For more information, see [Get started with conditional access in Azure Active Directory](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-azure-portal-get-started).
|
||||
|
||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink)
|
||||
|
||||
|
||||
@ -1,69 +0,0 @@
|
||||
---
|
||||
title: Configure automation notifications in Windows Defender ATP
|
||||
description: Send automation notifications to specified recipients to receive emails based on certain conditions
|
||||
keywords: automation notifications, configure automation notifications, incrimination result, asset group, investigation status
|
||||
search.product: eADQiWindows 10XVcnh
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.author: macapara
|
||||
author: mjcaparas
|
||||
ms.localizationpriority: high
|
||||
ms.date: 04/16/2018
|
||||
---
|
||||
|
||||
# Configure automation notifications in Windows Defender ATP
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10 Enterprise
|
||||
- Windows 10 Education
|
||||
- Windows 10 Pro
|
||||
- Windows 10 Pro Education
|
||||
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
|
||||
|
||||
[!include[Prerelease information](prerelease.md)]
|
||||
|
||||
>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationnotifcations-abovefoldlink)
|
||||
|
||||
You can configure Windows Defender ATP to send automation notifications to specified recipients based on certain conditions that you define. This helps you to identify a group of individuals who will immediately be informed and can act on automation notifications.
|
||||
|
||||
> [!NOTE]
|
||||
> Only users with full access can configure automation notifications.
|
||||
|
||||
|
||||
## Set up automation notification rules
|
||||
|
||||
1. In the navigation pane, select **Settings** > **General** > **Automation notifications**.
|
||||
2. Click **New notification rule**.
|
||||
3. Enter a rule name, email address, and select the condition for when the notification will be sent.
|
||||
|
||||
>[!NOTE]
|
||||
>You can add multiple email addresses and conditions.
|
||||
|
||||
The following conditions are supported:
|
||||
- Asset groups
|
||||
- Investigation status
|
||||
- Remediation type
|
||||
- Incrimination result
|
||||
|
||||
4. Click **Save notification rule**.
|
||||
|
||||
|
||||
## Edit an automation notification rule
|
||||
|
||||
1. Click **Edit rule**.
|
||||
2. Update the name of the rule, or recipients, or conditions.
|
||||
3. Click **Save notification rule**.
|
||||
|
||||
## Delete an automation notification rule
|
||||
1. Click **Delete rule**.
|
||||
2. Confirm that you want to delete the rule.
|
||||
|
||||
## Related topics
|
||||
- [Update data retention settings](data-retention-settings-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure alert notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md)
|
||||
- [Enable and create Power BI reports using Windows Defender ATP data](powerbi-reports-windows-defender-advanced-threat-protection.md)
|
||||
- [Enable Secure Score security controls](enable-secure-score-windows-defender-advanced-threat-protection.md)
|
||||
- [Configure advanced features](advanced-features-windows-defender-advanced-threat-protection.md)
|
||||
Reference in New Issue
Block a user