This guide will show an administrator how to access the Action Center page to view pending and completed remediation actions for your devices and identities.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: TBD
Domain: TBD
Modifies: TBD
Defender Device Action Center Queue
- From the Action Center – Microsoft Defender queue, locate and select any investigation ID that is unique in the list. Note that while there can be multiple entries related to a single investigation ID, each entry can be resolved by clicking into any one of the same linked investigation ID’s. For email related action center items, verify that the Action Type are either Isolate device, Collect investigation package, Restrict app execution, etc.
- More details will be displayed about the specific investigation ID. From here, analysis of the entry can be performed and a determination on approval or denial for the proposed actions can be made.
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.