MicrosoftDocs
diff --git a/‎articles/security-center/media/workflow-automation/add-workflow.png
-1.48 KB b/‎articles/security-center/media/workflow-automation/add-workflow.png
-1.48 KB
diff --git a/‎articles/security-center/media/workflow-automation/list-of-workflow-automations.png
-1.45 KB b/‎articles/security-center/media/workflow-automation/list-of-workflow-automations.png
-1.45 KB
diff --git a/‎articles/security-center/media/workflow-automation/manually-trigger-logic-app.png
-2.63 KB b/‎articles/security-center/media/workflow-automation/manually-trigger-logic-app.png
-2.63 KB
diff --git a/‎articles/security-center/security-center-provide-security-contact-details.md
Lines changed: 13 additions & 12 deletions b/‎articles/security-center/security-center-provide-security-contact-details.md
Lines changed: 13 additions & 12 deletions
diff --git a/‎articles/security-center/workflow-automation.md
Lines changed: 12 additions & 9 deletions b/‎articles/security-center/workflow-automation.md
Lines changed: 12 additions & 9 deletions
@@ -16,15 +16,18 @@ ms.author: memildin
 
 ---
 # Provide security contact details in Azure Security Center
-Azure Security Center will recommend that you provide security contact details for your Azure subscription if you haven’t already. This information will be used by Microsoft to contact you if the Microsoft Security Response Center (MSRC) discovers that your customer data has been accessed by an unlawful or unauthorized party. MSRC performs select security monitoring of the Azure network and infrastructure and receives threat intelligence and abuse complaints from third parties.
+Azure Security Center will recommend that you provide security contact details for your Azure subscription if you haven't already. This information will be used by Microsoft to contact you if the Microsoft Security Response Center (MSRC) discovers that your customer data has been accessed by an unlawful or unauthorized party. MSRC performs select security monitoring of the Azure network and infrastructure and receives threat intelligence and abuse complaints from third parties.
 
 An email notification is sent on the first daily occurrence of an alert and only for high severity alerts. Email preferences can only be configured for subscription policies. Resource groups within a subscription will inherit these settings. Alerts are available only in the Standard tier of Azure Security Center.
 
 Alert email notifications are sent:
-- Only for high severity alerts
 - To a single email recipient per alert type per day  
 - No more than 3 email messages are sent to a single recipient in a single day
 - Each email message contains a single alert, not an aggregation of alerts
+- Only for high severity alerts
+
+> [!TIP]
+> For alerts with other severity levels, create a [workflow automation](workflow-automation.md) to use a Logic App that will send emails to the relevant personnel.
  
 For example, if an email message was already sent to alert you about an RDP attack, you will not receive another email message about an RDP attack on the same day, even if another alert is triggered. 
 
@@ -33,20 +36,18 @@ For example, if an email message was already sent to alert you about an RDP atta
 
 ## Set up email notifications for alerts <a name="email"></a>
 
-1. From the portal, select **Pricing & settings**.
-1. Click on the subscription.
-1. Click **Email notifications**.
+1. Open the **Email notifications** page:
 
-> [!NOTE]
-> If you are implementing a recommendation, then Under **Recommendations**, select **Provide security contact details**, select the Azure subscription to provide contact information on. This opens **Email notifications**.
+    1. For alerts, open **Pricing & settings**, select the relevant subscription, and select **Email notifications**.
+
+    1. If you are implementing a recommendation, then Under **Recommendations**, select **Provide security contact details**, select the Azure subscription to provide contact information on. This opens **Email notifications**.
 
    ![Provide security contact details][2]
 
-   * Enter the security contact email address or addresses separated by commas. There is not a limit to the number of email addresses that you can enter.
-   * Enter one security contact international phone number.
-   * To receive emails about high severity alerts, turn on the option **Send me emails about alerts**.
-   * You have the option to send email notifications to subscription owners (classic Service Administrator and Co-Administrators, plus RBAC Owner role at the subscription scope).
-   * Select **Save** to apply the security contact information to your subscription.
+   * Enter the security contact email address or addresses separated by commas. There is no limit to the number of email addresses that you can enter.
+   * To receive emails about high severity alerts, turn on the option **Send me emails about alerts**. For other severity levels use a Logic App as explained in [workflow automation](workflow-automation.md).
+   * You can send email notifications to subscription owners (classic Service Administrator and Co-Administrators, plus RBAC Owner role at the subscription scope).
+   * To apply the security contact information to your subscription, select **Save**.
 
 ## See also
 To learn more about Security Center, see the following:
 
@@ -1,5 +1,5 @@
 ---
-title: Workflow automation (Preview) in Azure Security Center | Microsoft Docs
+title: Workflow automation in Azure Security Center | Microsoft Docs
 description: "Learn how to create and automate workflows in Azure Security Center"
 services: security-center
 author: memildin
@@ -11,14 +11,14 @@ ms.author: memildin
 ---
 
 
-# Workflow automation (Preview)
+# Workflow automation
 
 Every security program includes multiple workflows for incident response. These processes might include notifying relevant stakeholders, launching a change management process, and applying specific remediation steps. Security experts recommend that you automate as many steps of those procedures as you can. Automation reduces overhead. It can also improve your security by ensuring the process steps are done quickly, consistently, and according to your predefined requirements.
 
-This article describes the Workflow automation feature (preview) of Azure Security Center. This preview feature can trigger Logic Apps on security alerts and recommendations. For example, you might want Security Center to email a specific user when an alert occurs. You'll also learn how to create Logic Apps using [Azure Logic Apps](https://docs.microsoft.com/azure/logic-apps/logic-apps-overview).
+This article describes the workflow automation feature of Azure Security Center. This feature can trigger Logic Apps on security alerts and recommendations. For example, you might want Security Center to email a specific user when an alert occurs. You'll also learn how to create Logic Apps using [Azure Logic Apps](https://docs.microsoft.com/azure/logic-apps/logic-apps-overview).
 
 > [!NOTE]
-> If you previously used the Playbooks (Preview) view on the sidebar, you'll find the same features together with the expanded functionality in the new Workflow automation (Preview) page.
+> If you previously used the Playbooks (Preview) view on the sidebar, you'll find the same features together with the expanded functionality in the new workflow automation page.
 
 
 ## Requirements
@@ -34,7 +34,7 @@ This article describes the Workflow automation feature (preview) of Azure Securi
 
 ## Create a Logic App and define when it should automatically run 
 
-1. From Security Center's sidebar, select **Workflow automation (Preview)**.
+1. From Security Center's sidebar, select **Workflow automation**.
 
     [![List of workflow automations](media/workflow-automation/list-of-workflow-automations.png)](media/workflow-automation/list-of-workflow-automations.png#lightbox)
 
@@ -60,8 +60,11 @@ This article describes the Workflow automation feature (preview) of Azure Securi
 
     In the Logic App designer the following triggers from the Security Center connectors are supported:
 
-    * **When an Azure Security Center Recommendation is created or triggered (Preview)**
-    * **When an Azure Security Center Alert is created or triggered (Preview)**
+    * **When an Azure Security Center Recommendation is created or triggered**
+    * **When an Azure Security Center Alert is created or triggered** 
+    
+    > [!TIP]
+    > You can customize the trigger so that it relates only to alerts with the severity levels that interest you.
     
     > [!NOTE]
     > If you are using the legacy trigger "When a response to an Azure Security Center alert is triggered", your Logic Apps will not be launched by the Workflow Automation feature. Instead, use either of the triggers mentioned above. 
@@ -77,9 +80,9 @@ This article describes the Workflow automation feature (preview) of Azure Securi
 
 ## Manually trigger a Logic App
 
-You can also run Logic Apps manually when viewing a security recommendation.
+You can also run Logic Apps manually when viewing a security alert or any recommendation that offers [Quick Fix remediation](https://docs.microsoft.com/azure/security-center/security-center-remediate-recommendations#quick-fix-remediation).
 
-To manually run a Logic App, open a recommendation and click Trigger Logic App (Preview):
+To manually run a Logic App, open an alert or a recommendation that supports Quick Fix remediation and click **Trigger Logic App**:
 
 [![Manually trigger a Logic App](media/workflow-automation/manually-trigger-logic-app.png)](media/workflow-automation/manually-trigger-logic-app.png#lightbox)