This guide will show an administrator how to approve pending automated investigation actions.
Role Requirements
Procedure Scope: Administrators
Required Group Membership: Admin.Security
Handbook Reference
Package: TBD
Domain: TBD
Modifies: TBD
Defender for Email Action Center Approval Action
- From the Action Center – Microsoft Defender queue, select any investigation ID that is unique in the list. Multiple entries can be related to a single investigation ID; each of those entries can be resolved by clicking into any one of the entries linked to that same investigation ID.
- From the Overview page, select the Pending actions tab, then select the actions that should be allowed. To select all actions, click the top-most checkbox. Then select Approve.
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.