The History tab tracks all remediation actions that were completed, and you can undo an action there.īut what about remediation actions that were taken manually or from an advanced hunting experience, such as isolating a device, or restricting app execution on a specific device? How do you view an audit log for those actions? The Action center brings all this together across Microsoft Threat Protection security workloads, including Office 365 Advanced Threat Protection (Office 365 ATP) and Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).įurthermore, if you need to undo a remediation action that was taken by Microsoft Defender ATP, in most cases, you can do that in the Action center in Microsoft Threat Protection. You can also review approved actions in an audit log. The Action center enables your security operations team to approve pending remediation actions and to remediate impacted assets. The Action center provides a unified experience for remediation actions and an audit log. The results of current and past automatic investigations and remediation actions across your organization's devices and mailboxes are visible in the Action center in Microsoft Threat Protection.
0 kommentar(er)
