Export (0) Print
Expand All

Get notified by Microsoft Intune alerts when there is a problem


Updated: August 1, 2015

Applies To: Microsoft Intune

Use the information in this topic to help you configure alerts in Microsoft Intune.

You can use alerts in multiple ways including:

  • View all recent alerts to obtain a broad picture of device health.

  • Use alerts to investigate specific issues that are occurring to members of specific device groups or specific workspaces, like Endpoint Protection in Microsoft Intune.

  • Use alert filters to view all alerts of a specific severity level, or alerts that are active or closed.

To ensure that the appropriate people are notified about alerts, you can set up rules to send email notifications about new alerts to specific recipients.

When working with alerts, it is important to understand the difference between alerts and alert types:

Alert Type

A predefined rule that monitors and responds to a specific system or software state. Microsoft Intune comes with a set of default alert types that you can customize.


A single alert, of any type, that displays when the requirements of the alert type are met. Multiple alerts can be generated from a single alert type.

Alert types are grouped into the following categories:


More information

Endpoint Protection

Informs you when computers have malware warnings, are not protected, or have malware that requires action. These alerts also notify you when malware was seen for the first time or was recently resolved.


Informs you when a service is stopped, disk space is too low, or disk fragmentation is high.


Informs you about configuration tasks that need to be performed (such as configuring automatic approvals for updates) and service announcements that display on the Notice Board on the System Overview page.


Informs you when a device is unable to apply one or more policy settings.

Remote Assistance

Informs you when a user on a managed computer has initiated a request for remote assistance


Informs you when client deployments have failed. Also contains a sub-category of Mobile Device Management, which informs you when mobile device issues occur, including Exchange connectivity.


Informs you when specific updates are waiting for approval, such as Security Updates or Critical Updates.

Use the following severity levels to help you determine which issues to investigate:

Critical (indicated by a red circular icon)

Indicates a serious problem you should Investigate as a top priority.

For example, a Critical alert can help you identify when one or more computers have active malicious software, or some security issue or a loss of function.

Warning (indicated by a yellow triangular icon)

Indicates a potential or current problem that is not yet serious and you might want to investigate before the underlying issue becomes critical.

For example, a Warning alert is generated if security updates are waiting to be deployed.

Informational (indicated by a white circular icon)

Indicates a typical operation has occurred or requires attention.

For example, an Informational alert is generated if product and classification settings must be configured for updates that you plan to deploy to computers.

The following properties are common to all alerts:



Alert Level

Indicates the severity of the alert –Critical, Warning, or Informational.


Indicates whether the alert is active or closed.


This is the time that the alert was created.


Indicates the time when the alert was last modified. If an alert is closed, this will be the time that it was closed.

Repeat count

Indicates the number of times that the alert was raised.


Indicates the device or rule that generated the alert. You can click the name of the source to display more information.

For example, for a Security updates need to be approved alert, the source is Security update list. When you click Security update list, the list of security updates that have not yet been deployed is displayed.


This field displays the path of the specific object on the computer that caused the alert to be generated.

To configure general alert type settings

  1. In the Microsoft Intune administrator console, click Administration > Alerts and Notifications > Alert Types.

  2. Select an alert, and then click Configure.

    You can also use the box to search for a specific alert type. If you select multiple alert types, you can only configure the settings that are shared between the selected alert types.

  3. In the Configure Alert Type dialog box, specify one or more of the following settings, and then click OK:


    More information


    Specifies whether the alert type is enabled or disabled.


    Sets the level to Critical, Warning, or Informational to ensure that the alerts that are critical to your organization are given priority.

    Display Threshold

    Specifies how often an alert must be generated before it is displayed. You can also select Display all to display an alert as soon as one device generates an alert.

    For example, a disk corruption failure on one computer in your organization might not represent a high priority, whereas the same problem on 10 percent of the computers might require your attention.

    Alert type specific settings

    Some alert types have additional settings that you can configure under the Manage specific settings heading.

Intune Alert Types Configuration Dialog

An example of the Configure Alert Type dialog.

  1. In the Microsoft Intune administrator console, click Administration > Alerts and Notifications > Alert Types.

  2. Select the alert type that you want to configure and then click Configure. You may also select multiple alert types to configure by holding CTRL and selecting the alert types.


    When multi-selecting alert types, you cannot configure the specific settings, only the shared settings.

  3. On the taskbar, click Configure.

  4. In the Configure Alert Type: dialog box, each Monitoring alert has a Display Threshold field under Manage Shared Settings. Set this field to either:

    1. Display all – This setting will display the alert as soon as it occurs.

    2. Enter value – This setting takes a parameter to specify the percentage of devices that must meet the criteria before the alert is triggered. The valid range for this field is 1 – 99, inclusive.


    On any alert configuration screen, if you have modified a setting, you may click Use Default to revert the value of that setting. You may also click Use All Defaults to reset all settings to their default values.

  5. Depending on the monitoring alert type you have selected, other threshold options might appear under Manage specific settings. Enter the required information in the appropriate boxes.

  6. Click OK to save your changes.


    When you modify or disable alert type thresholds, the new threshold settings only apply to displaying new alerts. Alerts that were displayed before you make the change remain unaffected.

  1. In the Microsoft Intune administrator console, click Administration > Alerts and Notification > Alert Types.

  2. Do one of the following:

    • If you know the category of the alert type that you want to enable or disable and you want to search for it, select the category under Alert Types.

    • If you know the name of the alert type that you want to enable or disable and you want to search for it, type the full or partial name of the alert type in the Search alert types box.

    • Browse the list of alert types to locate the alert type that you want to enable or disable.

  3. Select the alert type that you want to enable or disable, and then do one of the following:

    • On the taskbar, click Enable or Disable.

    • Right-click the alert type and select Enable or Disable.

    • On the taskbar, click Configure…. This opens the Configure Alert Type configuration page. In State, select Enabled or Disabled, configure other settings as desired, and click OK.


    If an alert type state is changed from enabled to disabled, any currently active alerts of that type will stay in the system, but no new alerts will be triggered.

You can configure Microsoft Intune to send email notifications whenever a new alert occurs. Microsoft Intune includes predefined notification rules, or you can create a new, customized notification rule.

  1. In the Microsoft Intune administrator console, click Administration > Alerts and Notifications > Recipients > Add.

  2. In the Add Notification Recipient dialog box, type and confirm the email address for the recipient, select the preferred language, and then click OK.

    • To send notifications to the same person in different languages, create another recipient with the same name and email address and a different language.

    • Recipients do not have to be Microsoft Intune administrators or employees of your company.

    • When a new service administrator account is added to the system, Intune automatically creates a recipient record for that account.

  3. Click Notification Rules.

  4. In the Notification Rules list, select the rule that corresponds to the alerts that you want recipients to be notified about, and then click Select Recipients

  5. In the Select Recipients dialog box, select the recipients that will receive notification email messages, and then click OK.


To prevent alert notification emails from being classified as junk email, inform recipients that they should add Microsoft Intune (Windows.Intune@Microsoft.com) to their lists of safe or trusted senders in their email programs.

  1. In the Microsoft Intune administrator console, click Administration > Alerts and Notifications > Notification Rules > Create New Rule.

  2. In the Create Notification Rule wizard, enter a Name for the notification rule, select the Categories and Severity for the notification rule, and then click Next.

  3. On the Select device groups page, select the device groups to which this rule will apply, then click Next.

  4. On the Select email recipients page, select the users who will receive the email notifications generated by this rule.

  5. Click Save to save the rule and close the wizard.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2015 Microsoft