Edit

Get email notifications for Threat analytics updates in Microsoft Defender XDR

  • Article

Applies to:

  • Microsoft Defender XDR

You can set up email notifications that will send you updates on threat analytics reports.

Set up email notifications for report updates

To set up email notifications for threat analytics reports, perform the following steps:

  1. Select Settings in the Microsoft Defender XDR sidebar. Select Microsoft Defender XDR from the list of settings.

Screenshot with "Settings" and "Microsoft Defender XDR" both highlighted in red

  1. Choose Email notifications > Threat analytics, and select the button, + Create a notification rule. A flyout will appear.

Screenshot with "+ Create a notification rule" highlighted in red

  1. Follow the steps listed in the flyout. First, give your new rule a name. The description field is optional, but a name is required. You can toggle the rule on or off using the checkbox under the description field.

Note

The name and description fields for a new notification rule only accept English letters and numbers. They don't accept spaces, dashes, underscores, or any other punctuation.

Screenshot of the naming screen, with all fields filled out and the "Turn rule on" checkbox checked

  1. Choose which kind of reports you want to be notified about. You can choose between being updated about all newly published or updated reports, or only those reports which have a certain tag or type.

Screenshot of the notification screen, with Ransomware tags selected and a drop down menu for types open

  1. Add at least one recipient to receive the notification emails. You can also use this screen to check how the notifications will be received, by sending a test email.

Screenshot of the recipients screen. There are 3 recipients listed, and a test email has been sent, as indicated by a green checkmark

  1. Review your new rule. If there is anything you would like to change, select the Edit button at the end of each subsection. Once your review is complete, select the Create rule button.

Screenshot of the review screen. An edit button is highlighted in red

  1. Congratulations! Your new rule has been successfully created. Select the Done button to complete the process and close the flyout.

Screenshot of the rule created screen. A successfully created rule will display green checkmarks along the sidebar, and a big green check in the main area of the screen

  1. Your new rule will now appear in the list of Threat analytics email notifications.

Screenshot of the list of email notification rules within the Settings screen

Next steps

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.