Update auto-investigation-action-center.md

Denise Vangel-MSFT 2021-01-28 13:11:32 -08:00
parent 8ac1a0c76e
commit 194014ed57

@ -17,7 +17,7 @@ ms.collection:
- m365initiative-defender-endpoint - m365initiative-defender-endpoint
ms.topic: article ms.topic: article
ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs
ms.date: 01/27/2021 ms.date: 01/28/2021
ms.technology: mde ms.technology: mde
--- ---
@ -25,31 +25,30 @@ ms.technology: mde
[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)]
During and after an automated investigation, certain remediation actions can be identified. Depending on the threat and how [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) is configured for your organization, some remediation actions are taken automatically. During and after an automated investigation, remediation actions for threat detections are identified. Depending on the particular threat and how [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) is configured for your organization, some remediation actions are taken automatically, and others require approval.
If you're part of your organization's security operations team, you can view pending and completed [remediation actions](manage-auto-investigation.md#remediation-actions) in the **Action center** ([https://security.microsoft.com/action-center](https://security.microsoft.com/action-center)). Read this article to learn more. If you're part of your organization's security operations team, you can view pending and completed [remediation actions](manage-auto-investigation.md#remediation-actions) in the **Action center** ([https://security.microsoft.com/action-center](https://security.microsoft.com/action-center)).
>[!NOTE]
>If your organization has implemented role-based access to manage portal access, only authorized users or user groups who have permission to view the device or device group will be able to view the entire investigation.
## The Action center ## The Action center
The Action center consists of two main tabs: **Pending actions** and **History**.
- **Pending actions** Displays a list of ongoing investigations that require attention. Recommended actions are presented that your security operations team can approve or reject. The **Pending** tab appears only if there are pending actions to be approved (or rejected).
- **History** Acts as an audit log for all of the following items: <br/>
- Remediation actions that were taken as a result of an automated investigation
- Remediation actions that were approved by your security operations team (some actions, such as sending a file to quarantine, can be undone)
- Commands that were run and remediation actions that were applied in Live Response sessions (some actions can be undone)
- Remediation actions that were applied by Microsoft Defender Antivirus (some actions can be undone)
:::image type="content" source="images/mde-action-center-unified.png" alt-text="Action center in Microsoft 365 security center"::: :::image type="content" source="images/mde-action-center-unified.png" alt-text="Action center in Microsoft 365 security center":::
The Action center consists of two main tabs: **Pending actions** and **History**.
|Tab |Description |
|---------|---------|
|**Pending** | Displays a list of ongoing investigations that require attention. Recommended actions are presented that your security operations team can approve or reject. The **Pending** tab appears only if there are pending actions to be approved (or rejected). |
|**History** | Serves as an audit log for all of the following actions: <br/>- Remediation actions that were taken as a result of an automated investigation <br>- Remediation actions that were approved by your security operations team (some actions, such as sending a file to quarantine, can be undone) <br/>- Commands that were run and remediation actions that were applied in Live Response sessions (some actions can be undone) <br/>- Remediation actions that were applied by Microsoft Defender Antivirus (some actions can be undone) |
Use the **Customize columns** menu to select columns that you'd like to show or hide. Use the **Customize columns** menu to select columns that you'd like to show or hide.
You can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages. You can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
## (NEW!) A unified Action center ## (NEW!) A unified Action center
The former Action center for Microsoft Defender for Endpoint is located at [https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center). The former Action center for Microsoft Defender for Endpoint is located at [https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center).
The new, improved Action center is located at [https://security.microsoft.com/action-center](https://security.microsoft.com/action-center). The new, improved Action center is located at [https://security.microsoft.com/action-center](https://security.microsoft.com/action-center).
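Review bot: The tab names are inconsistent in the added lines: the sentence that introduces the new table says the tabs are **Pending actions** and **History**, but the first table row labels the tab **Pending** and its description refers to "the **Pending** tab". Use one label in both places, matching what the portal shows, so an analyst looking for the approval queue finds it under the name the article gives. In the **History** cell the line breaks mix `<br/>` and `<br>` (`<br>- Remediation actions that were approved ...`); use one form for every item. The `- ` markers after each break sit inside a table cell, so they will appear as literal hyphens rather than list bullets; check the rendered page to confirm the four audit-log items are still easy to tell apart.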