This will be the beginning of a new series of blog posts. I will create a tagged collection, just as I have for Azure AD and Endpoint Management.
Find the alert settings
There are a number of basic settings in Defender that should be configured before you start using Defender. These are found in menu toward the bottom. Click on settings ro go directly there with this url
Depending upon your licensing, you will see a smaller or larger number of items to be configured. Next, we’re going to click on each individual item and configure it. Some of these are very basic and some are more advanced.
Everything has a pre-setup to do before you begin configuration. For this we need just a few things in order before beginning.
- An email address to send alert notifications to
- Decision on whether to have cases opened automatically and where to have that communication go to
- Decision of whether to enable preview features
- Decision on whether to enable Defender to integrate other portal services
- Whether to port alerts via API to another service
- Whether to turn on advanced features in Endpoint Manager
- How users will report phishing and malware
- Who your priority users are
- That Azure AD has been configured
And probably more things that I haven’t listed. The setup of Defender is the setup of a full EDR solution. It takes time and consideration. Don’t rush it. But also, don’t not do it. Defender won’t give you the assistance and information that you are expecting if you don’t complete these tasks.
All we do is support IT professionals. Microsoft 365 technical assistance, occasional Newsletter, Security community, MSP Legislation community, Intune, Defender and Lighthouse community, Peer groups, Papers, Business consulting and more. https://www.thirdtier.net and https://www.facebook.com/thirdtier for the community groups listed above.