Defender Device Security Incident Queue

This guide shows an administrator how to access the endpoint incident queue. Each incident in the queue is a collection of correlated alerts and associated data that defines the complete story of an attack.

Role Requirements

Procedure Scope: Administrators

Required Group Membership: Admin.Security

Handbook Reference

Package: TBD

Domain: TBD

Modifies: TBD

Defender Device Incident Queue

  1. Navigate to the Incidents – Microsoft Defender page.
  2. Verify that the Date dropdown is set to 1 week, then locate and select the Add Filter button.
  3. From the Add Filter dropdown, locate and select Service/Detection Sources.
  4. Set the Status filter to New, In Progress and the Service/Detection Sources filter to Microsoft Defender for Endpoint.
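The same filter can be applied to an exported copy of the queue for offline triage. The following is an added example, not part of the original guide or Sittadel's tooling. It assumes incident records shaped like Microsoft Graph security API output (`status`, `createdDateTime`, `alerts[].serviceSource`), that the portal's New status corresponds to `active`, and that the Date filter applies to creation time.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Microsoft Graph security incident list
# with alerts expanded. IDs, names and timestamps are invented.
SAMPLE = json.loads("""
{"value": [
  {"id": "101", "displayName": "Constructed incident A", "status": "active",
   "createdDateTime": "2024-05-13T08:15:00Z",
   "alerts": [{"serviceSource": "microsoftDefenderForEndpoint"}]},
  {"id": "102", "displayName": "Constructed incident B", "status": "inProgress",
   "createdDateTime": "2024-05-11T22:40:00Z",
   "alerts": [{"serviceSource": "microsoftDefenderForOffice365"},
              {"serviceSource": "microsoftDefenderForEndpoint"}]},
  {"id": "103", "displayName": "Constructed incident C", "status": "resolved",
   "createdDateTime": "2024-05-12T10:00:00Z",
   "alerts": [{"serviceSource": "microsoftDefenderForEndpoint"}]},
  {"id": "104", "displayName": "Constructed incident D", "status": "active",
   "createdDateTime": "2024-05-12T14:30:00Z",
   "alerts": [{"serviceSource": "microsoftDefenderForIdentity"}]},
  {"id": "105", "displayName": "Constructed incident E", "status": "active",
   "createdDateTime": "2024-05-01T09:00:00Z",
   "alerts": [{"serviceSource": "microsoftDefenderForEndpoint"}]}
]}
""")
NOW = datetime(2024, 5, 14, 12, 0, tzinfo=timezone.utc)  # fixed so the run is repeatable

OPEN_STATUSES = {"active", "inProgress"}          # assumed equivalents of New / In Progress
ENDPOINT_SOURCE = "microsoftDefenderForEndpoint"  # Microsoft Defender for Endpoint

def endpoint_queue(incidents, now, window=timedelta(days=7)):
    """Return incidents matching the guide's filter, newest first."""
    cutoff = now - window
    hits = []
    for inc in incidents:
        created = datetime.fromisoformat(inc["createdDateTime"].replace("Z", "+00:00"))
        if not cutoff <= created <= now:
            continue  # outside the 1 week window
        if inc.get("status") not in OPEN_STATUSES:
            continue  # resolved or redirected incidents are not in the working queue
        sources = {a.get("serviceSource") for a in inc.get("alerts", [])}
        if ENDPOINT_SOURCE in sources:
            hits.append((created, inc))
    return [inc for _, inc in sorted(hits, key=lambda h: h[0], reverse=True)]

if __name__ == "__main__":
    for inc in endpoint_queue(SAMPLE["value"], NOW):
        print(inc["id"], inc["status"], inc["displayName"])
```

An incident is kept when any one of its alerts comes from Defender for Endpoint, so multi-source incidents such as the constructed incident B still appear in the endpoint queue.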

Need Assistance?

Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.