How to Be Notified by Email When a New Zero Day is Reported

Customers of Microsoft Defender for Endpoint have a wealth of knowledge available at their fingertips, enabling the most comprehensive view of the security of the estate. This wealth of knowledge is crucial, but it may not be always feasible – and definitely not always necessary – to hover in front of the Microsoft 365 Defender console just to bask in the golden glow of the wealth. This is where the alerting system comes into focus.

One area that piques interest for alerting is when Microsoft released coverage for a Zero Day. This is easy to setup and highly recommended.

To set it up do the following:

[1] In the Microsoft 365 Defender console (, go to Endpoints – Vulnerability Management – Weaknesses – Email notification settings.

Create an email notification

[2] Then, create a brand-new email alert similar to the following where you:

  • [a] Name the new rule and give it a description in the first step.
  • [b] In the second step, set the Notification Settings to report on New Vulnerability found (including zero-day vulnerability) and configure the Security threshold.
  • And, finally provide the email address, email addresses, or group email inbox where the alert should end up.
Wizard: Setting up the notification


[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[Subscribe to the Weekly Microsoft Sentinel Newsletter]

[Subscribe to the Weekly Microsoft Defender Newsletter]

[Learn KQL with the Must Learn KQL series and book]


Leave a Reply