Merge pull request #4658 from MicrosoftDocs/tvm-email-notification

Tvm email notification
2025-05-27 20:57:23 +00:00 · 2021-02-02 09:59:03 -08:00 · 2021-02-02 09:59:03 -08:00 · 8eb7c01893
commit 8eb7c01893
parent 15ae313748 68467d8801
5 changed files with 102 additions and 6 deletions
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@ -478,6 +478,7 @@
 #### [General]()
 ##### [Verify data storage location and  update data retention settings](microsoft-defender-atp/data-retention-settings.md)
 ##### [Configure alert notifications](microsoft-defender-atp/configure-email-notifications.md)
+##### [Configure vulnerability notifications](microsoft-defender-atp/configure-vulnerability-email-notifications.md)
 ##### [Configure advanced features](microsoft-defender-atp/advanced-features.md)

 #### [Permissions]()
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-vulnerability-email-notifications.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-vulnerability-email-notifications.md
@ -0,0 +1,93 @@
+---
+title: Configure vulnerability email notifications in Microsoft Defender for Endpoint
+description: Use Microsoft Defender for Endpoint to configure email notification settings for vulnerability events.
+keywords: email notifications, configure alert notifications, microsoft defender atp notifications, microsoft defender atp alerts, windows 10 enterprise, windows 10 education
+search.product: eADQiWindows 10XVcnh
+search.appverid: met150
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: ellevin
+author: levinec
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Configure vulnerability email notifications in Microsoft Defender for Endpoint
+
+[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
+
+**Applies to:**
+- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631)
+
+>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-emailconfig-abovefoldlink)
+
+Configure Microsoft Defender for Endpoint to send email notifications to specified recipients for new vulnerability events. This feature enables you to identify a group of individuals who will immediately be informed and can act on the notifications based on the event. The vulnerability information comes from Defender for Endpoint's [threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) capability.
+
+> [!NOTE]
+> Only users with 'Manage security settings' permissions can configure email notifications. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications. [Learn more about permission options](user-roles.md)
+
+The notification rules allow you to set the vulnerability events that trigger notifications, and add or remove email notification recipients. New recipients get notified about vulnerabilities after they are added.
+
+If you're using role-based access control (RBAC), recipients will only receive notifications based on the device groups that were configured in the notification rule.
+Users with the proper permission can only create, edit, or delete notifications that are limited to their device group management scope. Only users assigned to the Global administrator role can manage notification rules that are configured for all device groups.
+
+The email notification includes basic information about the vulnerability event. There are also links to filtered views in the threat and vulnerability management [Security recommendations](tvm-security-recommendation.md) and [Weaknesses](tvm-weaknesses.md) pages in the portal so you can further investigate. For example, you could get a list of all exposed devices or get additional details about the vulnerability.
+
+## Create rules for alert notifications
+
+Create a notification rule to send an email when there are certain exploit or vulnerability events, such as a new public exploit. For each rule, multiple event types can be selected.
+
+1. In the navigation pane, go to **Settings** > **Email notifications** > **Vulnerabilities**.
+
+2. Select **Add notification rule**.
+
+3. Name the email notification rule and include a description.
+
+4. Check **Notification enabled** to activate the notification. Select **Next**
+
+5. Fill in the notification settings. Then select **Next**
+
+    - Choose device groups to get notifications for.
+    - Choose the vulnerability event(s) that you want to be notified about when they affect your organization.
+        - Options: new vulnerability found (including severity threshold), new public exploit, exploit added to an exploit kit, exploit was verified.
+    - Include organization name if you want the organization name in the email
+
+6. Enter the recipient email address then select **Add**. You can add multiple email addresses.
+
+7. Review the settings for the new email notification rule and select **Create rule** when you're ready to create it.
+
+## Edit a notification rule
+
+1. Select the notification rule you'd like to edit.
+
+2. Select the **Edit rule** button next to the pencil icon in the flyout. Make sure you have permission to edit or delete the rule.
+
+## Delete notification rule
+
+1. Select the notification rule you'd like to delete.
+
+2. Select the **Delete** button next to the trash can icon in the flyout. Make sure you have permission to edit or delete the rule.
+
+## Troubleshoot email notifications for alerts
+
+This section lists various issues that you may encounter when using email notifications for alerts.
+
+**Problem:** Intended recipients report they are not getting the notifications.
+
+**Solution:** Make sure that the notifications are not blocked by email filters:
+
+1. Check that the Defender for Endpoint email notifications are not sent to the Junk Email folder. Mark them as Not junk.
+2. Check that your email security product is not blocking the email notifications from Defender for Endpoint.
+3. Check your email application rules that might be catching and moving your Defender for Endpoint email notifications.
+
+## Related topics
+
+- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md)
+- [Security recommendations](tvm-security-recommendation.md)
+- [Weaknesses](tvm-weaknesses.md)
+- [Event timeline](threat-and-vuln-mgt-event-timeline.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md
@ -33,6 +33,9 @@ Event timeline is a risk news feed that helps you interpret how risk is introduc

 Event timeline also tells the story of your [exposure score](tvm-exposure-score.md) and [Microsoft Secure Score for Devices](tvm-microsoft-secure-score-devices.md) so you can determine the cause of large changes. Events can impact your devices or your score for devices. Reduce you exposure by addressing what needs to be remediated based on the prioritized [security recommendations](tvm-security-recommendation.md).

+>[!TIP]
+>To get emails about new vulnerability events, see [Configure vulnerability email notifications in Microsoft Defender for Endpoint](configure-vulnerability-email-notifications.md)
+
 ## Navigate to the Event timeline page

 There are also three entry points from the [threat and vulnerability management dashboard](tvm-dashboard-insights.md):
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
@ -34,6 +34,9 @@ Cybersecurity weaknesses identified in your organization are mapped to actionabl

 Each security recommendation includes actionable remediation steps. To help with task management, the recommendation can also be sent using Microsoft Intune and Microsoft Endpoint Configuration Manager. When the threat landscape changes, the recommendation also changes as it continuously collects information from your environment.

+>[!TIP]
+>To get emails about new vulnerability events, see [Configure vulnerability email notifications in Microsoft Defender for Endpoint](configure-vulnerability-email-notifications.md)
+
 ## How it works

 Each device in the organization is scored based on three important factors to help customers to focus on the right things at the right time.
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md
@ -36,12 +36,8 @@ The **Weaknesses** page lists the software vulnerabilities your devices are expo
 >[!NOTE]
 >If there is no official CVE-ID assigned to a vulnerability, the vulnerability name is assigned by threat and vulnerability management.

->[!IMPORTANT]
->To boost your vulnerability assessment detection rates, you can download the following mandatory security updates and deploy them in your network:
->- 19H1 customers | [KB 4512941](https://support.microsoft.com/help/4512941/windows-10-update-kb4512941)
->- RS5 customers | [KB 4516077](https://support.microsoft.com/help/4516077/windows-10-update-kb4516077)
->- RS4 customers | [KB 4516045](https://support.microsoft.com/help/4516045/windows-10-update-kb4516045)
->- RS3 customers | [KB 4516071](https://support.microsoft.com/help/4516071/windows-10-update-kb4516071)
+>[!TIP]
+>To get emails about new vulnerability events, see [Configure vulnerability email notifications in Microsoft Defender for Endpoint](configure-vulnerability-email-notifications.md)

 ## Navigate to the Weaknesses page