From 3429d0dfbf1262497b4725167194dacd21119cda Mon Sep 17 00:00:00 2001 From: eavena Date: Mon, 31 Oct 2016 14:06:22 +1100 Subject: [PATCH 01/10] Created new file --- ...ows-defender-advanced-threat-protection.md | 61 +++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md diff --git a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..fd5d451a1e --- /dev/null +++ b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -0,0 +1,61 @@ +--- +title: Configure Email Notifications +description: Use Group Policy to deploy the configuration package on endpoints so that they are onboarded to the service. +keywords: configure endpoints using group policy, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, group policy +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: eavena +localizationpriority: high +--- + +# Configure email notifications + +## second + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +Windows Defender ATP supports email notifications to be sent to recipients list on every new alert in the portal. +Email notifications are equivalent to ‘New Alerts’ queue, so that every new alert added to the queue will be sent over email to recipients according to the chosen severities. +Every email includes basic information on the new alert and a link to the portal specific alert’s page for further investigation. + +To configure email notifications open email notifications preferences page on the right pane: +Preferences Setup  Email Notifications +In email notifications preferences page, you can define the following: + + 1. Alert Severity - severity of alerts to be notified on. By default, High and Medium alerts will be sent. + + 2. Email recipients - define the email recipients within your organization to be notified on new alerts. + + 3. Click ‘Save Preferences’. +Note: to check that email recipients are able to receive the emails click ‘Send a test Email’. +Emails are sent from @WDATP.microsoft.com + +Troubleshooting: consider adding info in case emails are not received (maybe due to rules blocking the domain, emails moved to junk/….) + + +1. + +2. + +3. + +- one +- two + +> +> Not a note + + +--- | ---| + + +[Hyperlink](actual link) From fb6fc8302080221acff90079c7cccdd056d046a2 Mon Sep 17 00:00:00 2001 From: eavena Date: Mon, 31 Oct 2016 14:16:22 +1100 Subject: [PATCH 02/10] update --- ...notifications-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md index fd5d451a1e..f48249f55e 100644 --- a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -54,7 +54,7 @@ Troubleshooting: consider adding info in case emails are not received (maybe due > > Not a note - +gfghf --- | ---| From 5764a38d4a502934ae76c3edf07a59c865648000 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Sun, 27 Nov 2016 14:11:14 -0800 Subject: [PATCH 03/10] email notification draft --- ...ows-defender-advanced-threat-protection.md | 60 +++++++++---------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md index f48249f55e..4b58023e04 100644 --- a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -1,20 +1,18 @@ --- -title: Configure Email Notifications -description: Use Group Policy to deploy the configuration package on endpoints so that they are onboarded to the service. -keywords: configure endpoints using group policy, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints, group policy +title: Configure email notifications +description: Send email notifications to specified recipients to receive new alerts. +keywords: email notifications, alert notifications, alerts, notification search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: eavena +author: jcaparas localizationpriority: high --- # Configure email notifications -## second - **Applies to:** - Windows 10 Enterprise @@ -23,39 +21,41 @@ localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -Windows Defender ATP supports email notifications to be sent to recipients list on every new alert in the portal. -Email notifications are equivalent to ‘New Alerts’ queue, so that every new alert added to the queue will be sent over email to recipients according to the chosen severities. -Every email includes basic information on the new alert and a link to the portal specific alert’s page for further investigation. +You can configure Windows Defender ATP to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity. -To configure email notifications open email notifications preferences page on the right pane: -Preferences Setup  Email Notifications -In email notifications preferences page, you can define the following: - - 1. Alert Severity - severity of alerts to be notified on. By default, High and Medium alerts will be sent. +You can set the severity level that triggers notifications for specific recipients. When you turn enable the email notifications feature, it’s set to high and medium alerts by default. - 2. Email recipients - define the email recipients within your organization to be notified on new alerts. - - 3. Click ‘Save Preferences’. -Note: to check that email recipients are able to receive the emails click ‘Send a test Email’. -Emails are sent from @WDATP.microsoft.com +You can also add or remove recipients of the email notification. New recipients get notified about alerts encountered after they are added. For more information about alerts, see [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md). -Troubleshooting: consider adding info in case emails are not received (maybe due to rules blocking the domain, emails moved to junk/….) +The email notification includes basic information about the alert and a link to the portal where you can do further investigation. +## Set up email notifications for alerts +The email notifications feature is turned off by default. Turn it on to start receiving email notifications. -1. +1. On the navigation pane, select **Preferences Setup** > **Email Notifications**. +2. Toggle the setting between **On** and **Off**. +3. Select the alert severity level that you’d like your recipients to receive: + - **High (high alerts only)** – Select this level if you’d like to limit notifications to threats often associated with advanced persistent threats (APT). + - **Medium** – Select this level to receive notifications that were flagged as medium severity. + - **Low** - Select this level to receive notifications that were flagged as low severity. +4. In **Email recipients to notify on new alerts**, type the email address then select the + sign. +5. Click **Save preferences** when you’ve completed adding all the recipients. -2. +Check that email recipients are able to receive the email notifications by selecting **Send test email**. -3. +## Delete email recipients -- one -- two +1. Select the trash bin icon beside the email address you’d like to remove. +2. Click **Save preferences**. -> -> Not a note +## Troubleshoot email notifications for alerts +This section lists various issues that you may encounter when using email notifications for alerts. -gfghf ---- | ---| +**Intended recipients do not receive the email alerts** +**Problem:** Intended recipients report they are not getting the notifications, even if you can successfully send the test email from the Windows ATP portal. -[Hyperlink](actual link) +**Solution:** Make sure that the notifications are not blocked by email filters: +1. Check that the Windows Defender ATP email notifications are not sent to the Junk Email folder. Mark them as Not junk. +2. Check that your email security product is not blocking the email notifications from Windows Defender ATP. +3. Check your Outlook rules for any rule that are catching and moving your Windows Defender ATP email notifications. From 2147626a3095d2ecdc2f11e710226344ad063324 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Sun, 27 Nov 2016 14:41:30 -0800 Subject: [PATCH 04/10] fix author name --- ...notifications-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md index 4b58023e04..3c0db1fa42 100644 --- a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: jcaparas +author: mjcaparas localizationpriority: high --- From 32dccf9c3f38afdb0259d929b9315965560ddb35 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Sun, 27 Nov 2016 14:43:57 -0800 Subject: [PATCH 05/10] add email notifications topic --- windows/keep-secure/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index eaedfbf278..4fcb331871 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -744,6 +744,7 @@ ##### [Configure an Azure Active Directory application for SIEM integration](configure-aad-windows-defender-advanced-threat-protection.md) ##### [Configure Splunk to consume Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md) ##### [Configure HP ArcSight to consume Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) +#### [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) #### [Troubleshoot Windows Defender ATP](troubleshoot-windows-defender-advanced-threat-protection.md) #### [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) #### [Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md) From d6c529ee44945adf896f0dd82fa5f5c729e7430f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Sun, 27 Nov 2016 15:34:59 -0800 Subject: [PATCH 06/10] edits based on louie's comments --- ...ions-windows-defender-advanced-threat-protection.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md index 3c0db1fa42..befdb6dee3 100644 --- a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -23,7 +23,7 @@ localizationpriority: high You can configure Windows Defender ATP to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity. -You can set the severity level that triggers notifications for specific recipients. When you turn enable the email notifications feature, it’s set to high and medium alerts by default. +You can set the alert severity levels that trigger notifications. When you turn enable the email notifications feature, it’s set to high and medium alerts by default. You can also add or remove recipients of the email notification. New recipients get notified about alerts encountered after they are added. For more information about alerts, see [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md). @@ -35,9 +35,9 @@ The email notifications feature is turned off by default. Turn it on to start re 1. On the navigation pane, select **Preferences Setup** > **Email Notifications**. 2. Toggle the setting between **On** and **Off**. 3. Select the alert severity level that you’d like your recipients to receive: - - **High (high alerts only)** – Select this level if you’d like to limit notifications to threats often associated with advanced persistent threats (APT). - - **Medium** – Select this level to receive notifications that were flagged as medium severity. - - **Low** - Select this level to receive notifications that were flagged as low severity. + - **High** – Select this level if you’d like to limit notifications to threats often associated with advanced persistent threats (APT). + - **Medium** – Select this level to send notifications for medium-severity alerts. + - **Low** - Select this level to sebd notifications for low-severity alerts. 4. In **Email recipients to notify on new alerts**, type the email address then select the + sign. 5. Click **Save preferences** when you’ve completed adding all the recipients. @@ -58,4 +58,4 @@ This section lists various issues that you may encounter when using email notifi **Solution:** Make sure that the notifications are not blocked by email filters: 1. Check that the Windows Defender ATP email notifications are not sent to the Junk Email folder. Mark them as Not junk. 2. Check that your email security product is not blocking the email notifications from Windows Defender ATP. -3. Check your Outlook rules for any rule that are catching and moving your Windows Defender ATP email notifications. +3. Check your email application rules that might be catching and moving your Windows Defender ATP email notifications. From 6d44eeb34625a35bd45b70af787d350737305e9a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 28 Nov 2016 14:18:24 -0800 Subject: [PATCH 07/10] modifications based on SME feedback --- ...windows-defender-advanced-threat-protection.md | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md index befdb6dee3..923df37659 100644 --- a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -23,6 +23,9 @@ localizationpriority: high You can configure Windows Defender ATP to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity. +> [!NOTE] +> Only users with full access can configure email notifications. + You can set the alert severity levels that trigger notifications. When you turn enable the email notifications feature, it’s set to high and medium alerts by default. You can also add or remove recipients of the email notification. New recipients get notified about alerts encountered after they are added. For more information about alerts, see [View and organize the Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md). @@ -35,25 +38,25 @@ The email notifications feature is turned off by default. Turn it on to start re 1. On the navigation pane, select **Preferences Setup** > **Email Notifications**. 2. Toggle the setting between **On** and **Off**. 3. Select the alert severity level that you’d like your recipients to receive: - - **High** – Select this level if you’d like to limit notifications to threats often associated with advanced persistent threats (APT). + - **High** – Select this level to send notifications for high-severity alerts. - **Medium** – Select this level to send notifications for medium-severity alerts. - - **Low** - Select this level to sebd notifications for low-severity alerts. + - **Low** - Select this level to send notifications for low-severity alerts. 4. In **Email recipients to notify on new alerts**, type the email address then select the + sign. 5. Click **Save preferences** when you’ve completed adding all the recipients. -Check that email recipients are able to receive the email notifications by selecting **Send test email**. +Check that email recipients are able to receive the email notifications by selecting **Send test email**. All recipients in the list will receive the test email. -## Delete email recipients +## Remove email recipients 1. Select the trash bin icon beside the email address you’d like to remove. -2. Click **Save preferences**. +2. Click **Save preferences**. ## Troubleshoot email notifications for alerts This section lists various issues that you may encounter when using email notifications for alerts. **Intended recipients do not receive the email alerts** -**Problem:** Intended recipients report they are not getting the notifications, even if you can successfully send the test email from the Windows ATP portal. +**Problem:** Intended recipients report they are not getting the notifications. **Solution:** Make sure that the notifications are not blocked by email filters: 1. Check that the Windows Defender ATP email notifications are not sent to the Junk Email folder. Mark them as Not junk. From 6cf28f7ad9697cfde6d27b064987139aa88e3d97 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 28 Nov 2016 14:38:25 -0800 Subject: [PATCH 08/10] fix spacing --- ...-notifications-windows-defender-advanced-threat-protection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md index 923df37659..ee330e3afd 100644 --- a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -59,6 +59,7 @@ This section lists various issues that you may encounter when using email notifi **Problem:** Intended recipients report they are not getting the notifications. **Solution:** Make sure that the notifications are not blocked by email filters: + 1. Check that the Windows Defender ATP email notifications are not sent to the Junk Email folder. Mark them as Not junk. 2. Check that your email security product is not blocking the email notifications from Windows Defender ATP. 3. Check your email application rules that might be catching and moving your Windows Defender ATP email notifications. From e4c031952b0fe8319af8398231da03d52f0cccab Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 29 Nov 2016 18:35:46 -0800 Subject: [PATCH 09/10] remove redundant line --- ...notifications-windows-defender-advanced-threat-protection.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md index ee330e3afd..e0427308c8 100644 --- a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -54,8 +54,6 @@ Check that email recipients are able to receive the email notifications by selec ## Troubleshoot email notifications for alerts This section lists various issues that you may encounter when using email notifications for alerts. -**Intended recipients do not receive the email alerts** - **Problem:** Intended recipients report they are not getting the notifications. **Solution:** Make sure that the notifications are not blocked by email filters: From eeed3edc32493bcc6cd1d7a1901080724b2c3389 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 30 Nov 2016 10:33:23 -0800 Subject: [PATCH 10/10] fix seo metatags based on seo review --- ...fications-windows-defender-advanced-threat-protection.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md index e0427308c8..19e99c915d 100644 --- a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- -title: Configure email notifications -description: Send email notifications to specified recipients to receive new alerts. -keywords: email notifications, alert notifications, alerts, notification +title: Configure email notifications in Windows Defender ATP +description: Send email notifications to specified recipients to receive new alerts based on severity with Windows Defender ATP on Windows 10 Enterprise, Pro, and Education editions. +keywords: email notifications, configure alert notifications, windows defender atp notifications, windows defender atp alerts, windows 10 enterprise, windows 10 education search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy