From 803e73d38c4261e29678bb384d31113ca2c5bb26 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Thu, 3 May 2018 15:13:21 -0700
Subject: [PATCH] add new email notifications flow

---
 ...ows-defender-advanced-threat-protection.md | 45 ++++++++++++-------
 1 file changed, 30 insertions(+), 15 deletions(-)

diff --git a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
index a6f16281b6..61e76829f0 100644
--- a/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
@@ -38,29 +38,44 @@ You can also add or remove recipients of the email notification. New recipients
 
 The email notification includes basic information about the alert and a link to the portal where you can do further investigation.
 
-## Set up email notifications for alerts
-The email notifications feature is turned off by default. Turn it on to start receiving email notifications.
+## Create rules for alert notifications
+You can create rules that determine the machines and alert severities to send email notifications for and the notification recipients.
 
-1. On the navigation pane, select **Settings** > **Alert notifications**.
-2. Toggle the setting between **On** and **Off**.
-3.	Select the alert severity level that you’d like your recipients to receive:
-      - **High** – Select this level to send notifications for high-severity alerts.
-      - **Medium** – Select this level to send notifications for medium-severity alerts.
-      - **Low** - Select this level to send notifications for low-severity alerts.
-      - **Informational** - Select this level to send notification for alerts that might not be considered harmful but good to keep track of.
-4.	In **Email recipients to notify on new alerts**, type the email address then select the + sign.
-5.	Click **Save preferences** when you’ve completed adding all the recipients.
 
-Check that email recipients are able to receive the email notifications by selecting **Send test email**. All recipients in the list will receive the test email.
+1. In the navigation pane, select **Settings** > **General** > **Alert notifications**.
+
+2. Click **Add notification rule**.
+
+3.	Specify the General information:
+    - **Rule name**
+    - **Machines** - Choose whether to notify recipients for all alerts on all machines or on selected machine group. If you choose to only send on a selected machine group, make sure that the machine group has been created. For more information, see [Create and manage machine groups](machine-groups-windows-defender-advanced-threat-protection.md).
+    - **Alert severity** - Choose the alert severity level
+
+4. Click **Next**.
+	
+5. Enter the recipient's email address then click **Add recipient**. You can add multiple email addresses.
+
+6. Check that email recipients are able to receive the email notifications by selecting **Send test email**.
+
+7. Click **Save notification rule**.
 
 Here's an example email notification:
 
 ![Image of example email notification](images/atp-example-email-notification.png)
 
-## Remove email recipients
+## Edit a notification rule
+1. Select the notification rule you'd like to edit.
 
-1. Select the trash bin icon beside the email address you’d like to remove.
-2. Click **Save preferences**.
+2. Update the General and Recipient tab information.
+
+3. CLick **Save notification rule**.
+
+
+## Delete notification rule
+
+1. Select the notification rule you'd like to delete.
+
+2. Click **Delete**.
 
 
 ## Troubleshoot email notifications for alerts