new action center topic

2025-05-12 13:27:23 +00:00 · 2019-06-20 17:12:45 -07:00 · 2019-06-20 17:12:45 -07:00 · 41500b2269
commit 41500b2269
parent 2dd958211b
6 changed files with 60 additions and 33 deletions
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@ -72,6 +72,7 @@

 #### [Automated investigation and remediation](microsoft-defender-atp/automated-investigations.md)
 ##### [Learn about the automated investigation and remediation dashboard](microsoft-defender-atp/manage-auto-investigation.md)
+#####[Manage actions related to automated investigation and remediation](microsoft-defender-atp/auto-investigation-action-center.md)


 #### [Secure score](microsoft-defender-atp/overview-secure-score.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/TOC.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/TOC.md
@ -75,6 +75,7 @@

 ### [Automated investigation and remediation](automated-investigations.md)
 #### [Learn about the automated investigation and remediation dashboard](manage-auto-investigation.md)
+#### [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)


 ### [Secure score](overview-secure-score.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
@ -0,0 +1,54 @@
+---
+title: Manage actions related to automated investigation and remediation
+description: Use the action center to manage actions related to automated investigation and response
+keywords: action, center, autoir, automated, investigation, response, remediation
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: medium
+manager: dansimp
+audience: ITPro
+ms.collection: M365-security-compliance 
+ms.topic: article
+---
+
+# Manage actions related to automated investigation and remediation
+
+The Action center aggregates all investigations that require an action for an investigation to proceed or be completed. 
+
+![Image of Action center page](images/action-center.png)
+
+The action center consists of two main tabs:
+- Pending actions - Displays a list of ongoing investigations that require attention. A recommended action is presented to the analyst, which they can approve or reject.
+- History - Acts as an audit log for:
+	- All actions taken by AutoIR or approved by an analyst with ability to undo actions that support this capability (for example, quarantine file).
+	- All commands ran and remediation actions applied in Live Response with ability to undo actions that support this capability.
+	- Remediation actions applied by Windows Defender AV with ability to undo actions that support this capability.
+
+
+
+
+Use the Customize columns drop-down menu to select columns that you'd like to show or hide. 
+
+From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
+
+
+>[!NOTE]
+>The tab will only appear if there are pending actions for that category.
+
+### Approve or reject an action
+You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
+
+Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
+
+From the panel, you can click on the Open investigation page link to see the investigation details.
+
+You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations. 
+
+##Related topics
+- [Automated investigation and investigation](automated-investigations.md)
+- [Learn about the automated investigations dashboard](manage-auto-investigation.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/evaluate-atp.md
@ -1,8 +1,8 @@
 ---
 title: Evaluate Microsoft Defender Advanced Threat Protection
 ms.reviewer: 
-description: 
-keywords: 
+description: Evaluate the different security capabilities in Microsoft Defender ATP.
+keywords: attack surface reduction, evaluate, next, generation, protection 
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
 ms.prod: w10
@ -16,7 +16,6 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: conceptual
-ms.date: 08/10/2018
 ---

 # Evaluate Microsoft Defender ATP 
--- a/windows/security/threat-protection/microsoft-defender-atp/images/action-center.png
+++ b/windows/security/threat-protection/microsoft-defender-atp/images/action-center.png
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
@ -162,37 +162,9 @@ If there are pending actions on an Automated investigation, you'll see a pop up

 ![Image of pending actions](images/pending-actions.png)

-When you click on the pending actions link, you'll be taken to the pending actions page. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Pending actions**.
+When you click on the pending actions link, you'll be taken to the Action center. You can also navigate to the page from the navigation page by going to **Automated investigation** > **Action center**. For more information, see [Action center](auto-investigation-action-center.md).

 
-The pending actions view aggregates all investigations that require an action for an investigation to proceed or be completed.
-
-![Image of pending actions page](images/atp-pending-actions-list.png)
-
-Use the Customize columns drop-down menu to select columns that you'd like to show or hide. 
-
-From this view, you can also download the entire list in CSV format using the **Export** feature, specify the number of items to show per page, and navigate between pages.
-
-Pending actions are grouped together in the following tabs:
-  Quarantine file
-  Remove persistence
-  Stop process
-  Expand pivot
-  Quarantine service
-
->[!NOTE]
->The tab will only appear if there are pending actions for that category.
-
-### Approve or reject an action
-You'll need to manually approve or reject pending actions on each of these categories for the automated actions to proceed.
-
-Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed.
-
-![Image of pending action selected](images/atp-pending-actions-file.png)
-
-From the panel, you can click on the Open investigation page link to see the investigation details.
-
-You also have the option of selecting multiple investigations to approve or reject actions on multiple investigations. 
-
 ## Related topic
 - [Investigate Microsoft Defender ATP alerts](investigate-alerts.md)
+- [Manage actions related to automated investigation and remediation](auto-investigation-action-center.md)