Merge pull request #2473 from MicrosoftDocs/diannegali-xdrupdates

updated XDR pages

Author: diannegali

defender-xdr/TOC.yml

@@ -121,7 +121,9 @@
         - name: Investigate data loss prevention alerts with Microsoft Sentinel
           href: dlp-investigate-alerts-sentinel.md
         - name: Investigate and respond to container threats
-          href: investigate-respond-container-threats.md           
+          href: investigate-respond-container-threats.md
+        - name: Investigate insider risk threats
+          href: irm-investigate-alerts-defender.md                         
       - name: Configure and manage automated investigation and response
         items:
         - name: Overview
@@ -428,15 +430,6 @@
           href: integrate-microsoft-365-defender-secops-use-cases.md
         - name: Step 6. SOC maintenance tasks
           href: integrate-microsoft-365-defender-secops-tasks.md
-      - name: Optimize your security operations
-        items:
-        - name: SOC optimization overview
-          display name: SOC optimization
-          href: /azure/sentinel/soc-optimization/soc-optimization-access?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
-        - name: Use SOC optimizations programmatically
-          href: /azure/sentinel/soc-optimization/soc-optimization-api?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
-        - name: SOC optimization reference
-          href: /azure/sentinel/soc-optimization/soc-optimization-reference?toc=/defender-xdr/toc.json&bc=/defender-xdr/breadcrumb/toc.json
     - name: Manage multitenant environments
       items:
         - name: Overview

defender-xdr/configure-email-notifications.md

@@ -12,7 +12,7 @@ ms.collection:
 - tier2
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 07/08/2024
+ms.date: 01/17/2025
 ---
 
 # Configure alert notifications
@@ -43,9 +43,10 @@ If you're using role-based access control (RBAC), recipients will only receive n
 The email notification includes basic information about the alert and a link to the portal where you can do further investigation.
 
 ## Create rules for alert notifications
+
 You can create rules that determine the devices and alert severities to send email notifications for and the notification recipients.
 
-1. Go to [Microsoft Defender XDR](https://go.microsoft.com/fwlink/p/?linkid=2077139) and sign in using an account with the Security administrator or Global administrator role assigned.
+1. Go to the [Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2077139) and sign in using an account with the Security administrator or Global administrator role assigned.
 
 2. In the navigation pane, select **Settings** \> **Endpoints** \> **General** \> **Email notifications**.
 
@@ -102,5 +103,5 @@ This section lists various issues that you may encounter when using email notifi
 - [Update data retention settings](/defender-endpoint/preferences-setup)
 - [Configure advanced features](/defender-endpoint/advanced-features)
 - [Configure vulnerability email notifications](/defender-endpoint/configure-vulnerability-email-notifications)
-[!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]
 
+[!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]

defender-xdr/m365d-notifications-incidents.md

@@ -16,20 +16,18 @@ ms.topic: conceptual
 search.appverid: 
   - MOE150
   - MET150
-ms.date: 07/08/2024
+ms.date: 01/17/2025
+appliesto:
+- Microsoft Defender XDR
 ---
 
 # Get incident notifications by email
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-
-- Microsoft Defender XDR
-
 [!INCLUDE [Prerelease](../includes/prerelease.md)]
 
-You can set up Microsoft Defender XDR to notify your staff with an email about new incidents or updates to existing incidents. You can choose to get notifications based on:
+You can set up email notifications for your staff to get notified about new incidents or updates to existing incidents. You can choose to get notifications based on:
 
 - Alert severity
 - Alert sources 
@@ -59,32 +57,28 @@ Likewise, if your organization is using role-based access control (RBAC), you ca
 
 Follow these steps to create a new rule and customize email notification settings.
 
-1. Go to [Microsoft Defender XDR](https://security.microsoft.com) in the navigation pane, select **Settings > Microsoft Defender XDR > Incident email notifications**.
-2. Select **Add item**.
+1. Go to the [Microsoft Defender portal](https://security.microsoft.com). In the navigation pane, select **Settings > Microsoft Defender XDR**, then select **Email notifications** under General.
+2. In the **Incidents** tab, select **Add incident notification rule**.
 3. On the **Basics** page, type the rule name and a description, and then select **Next**.
 4. On the **Notification settings** page, configure:
-    - **Alert severity** - Choose the alert severities that will trigger an incident notification. For example, if you only want to be informed about high-severity incidents, select **High**.
+    - **Alert severity** - Choose the alert severities that triggers an incident notification. For example, if you only want to be informed about high-severity incidents, select **High**.
     - **Device group scope** - You can specify all device groups or select from the list of device groups in your tenant.
     - **Send only one notification per incident** - Select if you want one notification per incident.
     - **Include organization name in the email** - Select if you want your organization name to appear in the email notification.
     - **Include tenant-specific portal link** - Select if you want to add a link with the tenant ID in the email notification for access to a specific Microsoft 365 tenant.
 
-    :::image type="content" source="/defender/media/get-incident-notifications/incidents-email-notification-settings.png" alt-text="Screenshot of the Notification settings page for incident email notifications in the Microsoft Defender portal." lightbox="/defender/media/get-incident-notifications/incidents-email-notification-settings.png":::
+    :::image type="content" source="/defender/media/get-incident-notifications/incident-notif-settings-small.png" alt-text="Screenshot of the Notification settings page for incident email notifications in the Microsoft Defender portal." lightbox="/defender/media/get-incident-notifications/incident-notif-settings.png":::
 
-5. Select **Next**. On the **Recipients** page, add the email addresses that will receive the incident notifications. Select **Add** after typing each new email address. To test notifications and ensure that the recipients receive them in the inboxes, select **Send test email**.
+5. Select **Next**. On the **Recipients** page, add the email addresses where the incident notifications are to be sent. Select **Add** after typing each new email address. To test notifications and ensure that the recipients receive them in the inboxes, select **Send test email**.
 6. Select **Next**. On the **Review rule** page, review the settings of the rule, and then select **Create rule**. Recipients will start receiving incident notifications through email based on the settings.
 
 To edit an existing rule, select it from the list of rules. On the pane with the rule name, select **Edit rule** and make your changes on the **Basics**, **Notification settings**, and **Recipients** pages.
 
 To delete a rule, select it from the list of rules. On the pane with the rule name, select **Delete**.
 
-Once you get the notification, you can go directly to the incident and start your investigation right away. For more information on investigating incidents, see [Investigate incidents in Microsoft Defender XDR](investigate-incidents.md).
+Once you get the notification, you can go directly to the incident and start your investigation right away. For more information on investigating incidents, see [Investigate incidents](investigate-incidents.md).
 
 ## Next steps
 
 - [Get email notifications on response actions](m365d-response-actions-notifications.md)
 - [Get email notifications about new reports in Threat analytics](m365d-threat-analytics-notifications.md)
-
-## See also
-
-- [Investigate incidents in Microsoft Defender XDR](investigate-incidents.md)

defender-xdr/m365d-response-actions-notifications.md

@@ -1,5 +1,5 @@
 ---
-title: Get email notifications for response actions in Microsoft Defender XDR
+title: Get email notifications for response actions
 description: Set up email notifications to get notified of manual and automated response actions in Microsoft Defender XDR.
 ms.service: defender-xdr
 f1.keywords: 
@@ -16,24 +16,22 @@ ms.topic: conceptual
 search.appverid: 
   - MOE150
   - MET150
-ms.date: 07/08/2024
+ms.date: 01/17/2025
+appliesto:
+- Microsoft Defender XDR
 ---
 
-# Get email notifications for response actions in Microsoft Defender XDR
+# Get email notifications for response actions
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-
-- Microsoft Defender XDR
-
 [!INCLUDE [Prerelease](../includes/prerelease.md)]
 
-You can set up Microsoft Defender XDR to notify you through email about manual or automated response actions.
+You can set up email notifications in the Microsoft Defender portal to notify you about manual or automated response actions.
 
-[Manual response actions](respond-first-incident-remediate.md#manual-remediation) are actions that security teams can use to stop threats or aid in investigation of attacks. These actions vary depending on the Defender workload enabled in your environment.
+Manual response actions are actions that security teams can use to stop threats or aid in investigation of attacks. These actions vary depending on the Defender workload enabled in your environment.
 
-[Automated response actions](respond-first-incident-remediate.md#automatic-remediation), on the other hand, are capabilities in Microsoft Defender XDR that scale investigation and resolution to threats automatically. Automated remediation capabilities consist of [automatic attack disruption](automatic-attack-disruption.md) and [automated investigation and response](m365d-autoir.md).
+Automated response actions are capabilities in Microsoft Defender XDR that scale investigation and resolution to threats automatically. Automated remediation capabilities consist of [automatic attack disruption](automatic-attack-disruption.md) and [automated investigation and response](m365d-autoir.md).
 
 > [!NOTE]
 > You need the **Manage security settings** permission to configure email notification settings. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications. Likewise, if your organization is using [role-based access control (RBAC)](manage-rbac.md), you can only create, edit, delete, and receive notifications based on device groups that you are allowed to manage.
@@ -48,7 +46,7 @@ You can set up Microsoft Defender XDR to notify you through email about manual o
 
 To create a rule for email notifications, perform the following steps:
 
-1. In the navigation pane of Microsoft Defender XDR, select **Settings > Microsoft Defender XDR**.  Under **General**, select **Email notifications**. Go to the **Actions** tab.
+1. In the navigation pane of the Microsoft Defender portal, select **Settings > Microsoft Defender XDR**.  Under **General**, select **Email notifications**. Go to the **Actions** tab.
 :::image type="content" source="/defender/media/m35d-response-actions-notifications/fig1-response-notifications.png" alt-text="Actions tab in the Microsoft Defender XDR Settings page" lightbox="/defender/media/m35d-response-actions-notifications/fig1-response-notifications.png":::
 2. Select **Add notification rule**. Add a rule name and description under Basics. Both Name and Description fields accept letters, numbers, and spaces only.
 :::image type="content" source="/defender/media/m35d-response-actions-notifications/fig2-response-notifications.png" alt-text="Basics section of the add notification rule" lightbox="/defender/media/m35d-response-actions-notifications/fig2-response-notifications.png":::

defender-xdr/m365d-threat-analytics-notifications.md

@@ -17,57 +17,49 @@ ms.collection:
 ms.topic: conceptual
 ms.custom: seo-marvel-apr2020
 search.appverid: met150
-ms.date: 03/28/2024
+ms.date: 01/17/2025
+appliesto:
+- Microsoft Defender XDR
 ---
 
 # Get email notifications for Threat analytics updates
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
-**Applies to:**
-
-- Microsoft Defender XDR
-
-You can set up email notifications that sends you updates on [threat analytics](threat-analytics.md) reports.
+You can set up email notifications that send you updates on [threat analytics](threat-analytics.md) reports.
 
 ## Set up email notifications for report updates
 
 To set up email notifications for threat analytics reports, perform the following steps:
 
-1. Select **Settings** in the Microsoft Defender XDR sidebar. Select **Microsoft Defender XDR** from the list of settings.
- 
-![Screenshot with "Settings" and "Microsoft Defender XDR" both highlighted in red](/defender/media/threat-analytics/ta_create_notification_0.png)
-
-2. Choose **Email notifications** > **Threat analytics**, and select the button, **+ Create a notification rule**. A flyout will appear.
+1. In the navigation pane of the Microsoft Defender portal, select **Settings > Microsoft Defender XDR**. Under **General**, select **Email notifications**.
 
-![Screenshot with "+ Create a notification rule" highlighted in red](/defender/media/threat-analytics/ta_create_notification_1.png)
+2. In the **Threat analytics** tab, select **+ Create a notification rule**. A flyout appears.
 
 3. Follow the steps listed in the flyout. First, give your new rule a name. The description field is optional, but a name is required. You can toggle the rule on or off using the checkbox under the description field.
 
-> [!NOTE]
-> The name and description fields for a new notification rule only accept English letters and numbers. They don't accept spaces, dashes, underscores, or any other punctuation.
-
-![Screenshot of the naming screen, with all fields filled out and the "Turn rule on" checkbox checked](/defender/media/threat-analytics/ta_create_notification_2.png)
+   > [!NOTE]
+   > The name and description fields for a new notification rule only accept English letters and numbers. Punctuations like spaces, dashes, underscores, aren't supported.
 
-4. Choose which kind of reports you want to be notified about. You can choose between being updated about all newly published or updated reports, or only those reports which have a certain tag or type.
+   ![Screenshot of the naming screen, with all fields filled out and the "Turn rule on" checkbox checked](/defender/media/threat-analytics/ta_create_notification_2.png)
 
-![Screenshot of the notification screen, with Ransomware tags selected and a drop down menu for types open](/defender/media/threat-analytics/ta_create_notification_3.png)
+4. Choose the reports you want to be notified about. You can choose to be updated about all newly published or updated reports or only those reports of a certain type or with a specific tag.
 
-5. Add at least one recipient to receive the notification emails. You can also use this screen to check how the notifications will be received, by sending a test email.
+   ![Screenshot of the notification screen, with Ransomware tags selected and a drop down menu for types open](/defender/media/threat-analytics/ta_create_notification_3.png)
 
-![Screenshot of the recipients screen. There are 3 recipients listed, and a test email has been sent, as indicated by a green checkmark](/defender/media/threat-analytics/ta_create_notification_4.png)
+5. Add at least one recipient to receive the notification emails. You can also use this screen to send a test email to check the notification settings.
 
-6. Review your new rule. If there is anything you would like to change, select the **Edit** button at the end of each subsection. Once your review is complete, select the **Create rule** button.
+   ![Screenshot of the recipients screen. There are 3 recipients listed, and a test email has been sent, as indicated by a green checkmark](/defender/media/threat-analytics/ta_create_notification_4.png)
 
-![Screenshot of the review screen. An edit button is highlighted in red](/defender/media/threat-analytics/ta_create_notification_5.png)
+6. Review your new rule. Select **Edit** at the end of each subsection to change any of the settings. Once your review is complete, select **Create rule**.
 
-7. Congratulations! Your new rule has been successfully created. Select the **Done** button to complete the process and close the flyout.
+   ![Screenshot of the review screen. An edit button is highlighted in red](/defender/media/threat-analytics/ta_create_notification_5.png)
 
-![Screenshot of the rule created screen. A successfully created rule will display green checkmarks along the sidebar, and a big green check in the main area of the screen](/defender/media/threat-analytics/ta_create_notification_6.png)
+7. Select **Done** to complete the process and close the flyout. 
 
-8. Your new rule will now appear in the list of Threat analytics email notifications.
+   ![Screenshot of the rule created screen. A successfully created rule will display green checkmarks along the sidebar, and a big green check in the main area of the screen](/defender/media/threat-analytics/ta_create_notification_6.png)
 
-![Screenshot of the list of email notification rules within the Settings screen](/defender/media/threat-analytics/ta_create_notification_7.png)
+Your new rule now appears in the list of Threat analytics email notifications.
 
 ## Next steps