Microsoft Defender XDR Now Lets IT Admins Get Email Notifications for Response Actions


Key Takeaways:

  • Microsoft Defender XDR now supports email notifications for both manual and automated response actions.
  • The feature gives security teams visibility into critical activities so they can respond promptly to threats that need immediate attention.
  • Security teams can strategically customize email-based notifications for specific scenarios.

Microsoft has introduced email notifications support for its Microsoft Defender XDR service. The feature allows IT admins to configure the security solution to receive notifications through email for both manual and automated response actions.

Microsoft Defender XDR (formerly Microsoft 365 Defender) is a managed extended detection and response service designed to help customers prevent, detect, investigate, and respond to sophisticated cyberattacks. It leverages AI-powered automatic actions and playbooks to facilitate the remediation of affected systems, restoring them to a secure state.

Manual actions are steps security teams take themselves to block threats and investigate attacks. Automated response actions, on the other hand, are built-in capabilities of Microsoft Defender XDR that disrupt and investigate attacks without human intervention.

Key scenarios for automatic email notifications

Microsoft detailed some critical scenarios for creating email-based notifications in Microsoft Defender XDR. For instance, security teams will receive automated emails when the service automatically disrupts ransomware attacks, isolates devices, and blocks compromised accounts. It’s also possible to configure a rule to get notified when a sensitive action is carried out on critical assets.

“When there is an important incident, it is crucial to ensure that key stakeholders on the team are promptly informed. Providing immediate notifications for critical activities to relevant team members not only raises awareness but reduces response times and improves alignment among stakeholders. These critical notifications can often involve remediation or response actions that take place on entities such as identities or devices in an organization’s environment,” Microsoft explained.

Last week, Microsoft announced that it’s combining Microsoft Sentinel and Microsoft Defender XDR into a unified security operations platform. Moreover, Microsoft Copilot is getting a new integration with Microsoft Defender XDR and Sentinel. It provides advanced capabilities such as malware analysis, guided investigation, and rapid evidence aggregation to speed up incident response.