Microsoft Defender
      Back to home
      1. Sittadel Knowledge Base
      2. Management Guides
      3. Microsoft Defender

      Defender for Email Action Center Denial Action

      This guide will show an administrator how to reject pending automated investigation actions.

      Role Requirements

      Procedure Scope: Administrators

      Required Group Membership: Admin.Security

      Handbook Reference

      Package: TBD

      Domain: TBD

      Modifies: TBD

      Defender for Email Action Center Rejection Action

      1. From the Action Center – Microsoft Defender queue, select any investigation ID that is unique in the list. Note that while there can be multiple entries related to a single investigation ID, each entry can be resolved by clicking into any one of the same linked investigation ID’s.
      2. From the Overview page we will want to select the Pending actions tab, followed by the actions that should be denied. To select all actions, click the top-most checkbox, followed by selecting Reject.

      Need Assistance?

      Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.