defender-xdr/get-started-xdr.md
Lines changed: 16 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -15,7 +15,7 @@ ms.collection:
15
15
- essentials-get-started
16
16
ms.topic: conceptual
17
17
search.appverid: met150
18
-
ms.date: 05/28/2024
18
+
ms.date: 06/28/2024
19
19
---
20
20
21
21
# Get started with Microsoft Defender Experts for XDR
@@ -36,6 +36,9 @@ Select the link in the welcome email to directly launch the Defender Experts set
36
36
37
37
## Grant permissions to our experts
38
38
39
+
> [!IMPORTANT]
40
+
> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
41
+
39
42
By default, Defender Experts for XDR requires **Service provider access** that lets our experts sign into your tenant and deliver services based on assigned security roles. [Learn more about cross-tenant access](/azure/active-directory/external-identities/cross-tenant-access-overview)
40
43
41
44
You also need to grant our experts one or both of the following permissions:
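Review bot: The added [!IMPORTANT] callout under "Grant permissions to our experts" names Global Administrator but does not say whose role it means: the admin completing this setup, or the roles granted to the experts through Service provider access. As written it reads as generic guidance placed above a section about expert access. Suggest stating which least-privileged role is sufficient for this step, or linking to where that is documented, so the recommendation is actionable at this point in the procedure.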
@@ -53,7 +56,9 @@ You also need to grant our experts one or both of the following permissions:
53
56
**To grant our experts permissions:**
54
57
55
58
1. In the same Defender Experts settings setup, under **Permissions**, choose the access level(s) you want to grant our experts.
59
+
56
60
1. If you wish to [exclude device and user groups](#exclude-devices-from-remediation) in your organization from remediation actions, select **Manage exclusions**.
61
+
57
62
1. Select **Next** to [add contact persons or groups](#tell-us-who-to-contact-for-important-matters).
58
63
59
64
To edit or update permissions after the initial setup, go to **Settings** > **Defender Experts** > **Permissions**.
@@ -65,12 +70,15 @@ Defender Experts for XDR lets you exclude devices and users from remediation act
65
70
**To exclude device groups:**
66
71
67
72
1. In the same Defender Experts settings setup, under **Exclusions**, go to the **Device groups** tab.
73
+
68
74
2. Select **+ Add device groups**, then search for and choose the device group(s) that you wish to exclude.
69
75
> [!NOTE]
70
76
> This page only lists existing device groups. If you wish to create a new device group, you first need to go to the Defender for Endpoint settings in your Microsoft Defender portal. Then, refresh this page to search for and choose the newly created group. [Learn more about creating device groups](/defender-endpoint/machine-groups)
71
77
72
78
3. Select **Add device groups**.
79
+
73
80
4. Back on the **Device groups** tab, review the list of excluded device groups. If you wish to remove a device group from the exclusion list, choose it then select **Remove device group**.
81
+
74
82
5. Select **Next** to confirm your exclusion list and proceed to [adding contact persons or groups](#tell-us-who-to-contact-for-important-matters). Otherwise, select **Skip**, and all your added exclusions are discarded.
75
83
76
84
:::image type="content" source="/defender/media/xdr/exclude-device-groups.png" alt-text="Screenshot of option to exclude device groups." lightbox="/defender/media/xdr/exclude-device-groups.png":::
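Review bot: Blank lines are added after steps 1, 3 and 4 of the device-group list, but the `> [!NOTE]` callout that follows step 2 is left as it was. Check that the callout is indented under step 2 in the source so it renders as part of that item and does not split the list now that the items are separated by blank lines.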
@@ -127,9 +135,13 @@ Once identified, the individuals or groups will receive an email notifying them
127
135
**To add notification contacts:**
128
136
129
137
1. In the same Defender Experts settings setup, under **Contacts**, search for and add your **Contact person or team** in the text field provided.
138
+
130
139
2. Add a **Phone number** (optional) that Defender Experts can call for matters that require immediate attention.
140
+
131
141
3. Under the **Contact for** dropdown box, choose **Incident notification** or **Service review**.
142
+
132
143
4. Select **Add**.
144
+
133
145
1. Select **Next** to confirm your contacts list and proceed to [creating a Teams channel](#receive-managed-response-notifications-and-updates-in-microsoft-teams) where you can also receive incident notifications.
134
146
135
147
To edit or update your notification contacts after the initial setup, go to **Settings** > **Defender Experts** > **Notification contacts**.
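Review bot: The last step of the contacts list is numbered `1.` ("1. Select **Next** to confirm your contacts list ...") after steps 1 to 4, and the change adds spacing around it without fixing the number. The rendered list still counts up, but the source is inconsistent. Renumber it to `5.`, or use `1.` for every item as the permissions list earlier in this file does.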
@@ -146,8 +158,11 @@ Apart from email and [in-portal chat](communicate-defender-experts-xdr.md#in-por
146
158
**To turn on Teams notifications and chat:**
147
159
148
160
1. In the same Defender Experts settings setup, under **Teams**, select the **Communicate on Teams** checkbox.
161
+
149
162
2. Select **Next** to review your settings.
163
+
150
164
3. Select **Submit**. The step-by-step guide then completes the initial setup.
165
+
151
166
4. Select **View readiness assessment** to complete the necessary actions required to [optimize your security posture](#prepare-your-environment-for-the-defender-experts-service).