Microsoft Defender for Business is now in preview, and will roll out gradually to customers and IT Partners who sign up here to request it. We will onboard an initial set of customers and partners in the coming weeks and will expand the preview leading up to general availability. Note that the preview will launch with an initial set of scenarios, and we will be adding capabilities regularly.

Some information in this article relates to prereleased products/services that might be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, for the information provided here.

As threats are detected, remediation actions come into play. Depending on the particular threat and how your security settings are configured, remediation actions might be taken automatically or only upon approval. Examples of remediation actions include sending a file to quarantine, stopping a process from running, and removing a scheduled task. All remediation actions are tracked in the Action center.

Screenshot of the Action center

This article describes how to use the Action center and the remediation actions that are available.

How to use the Action center

  1. Go to the Microsoft 365 Defender portal (https://security.microsoft.com), and sign in.
  2. In the navigation pane, choose Action center.
  3. Select the Pending tab to view and approve (or reject) any pending actions. Such actions can arise from antivirus/antimalware protection, automated investigations, manual response activities, or live response sessions.
  4. Select the History tab to view a list of completed actions.

Remediation actions

Microsoft Defender for Business (preview) includes several remediation actions. These actions include manual response actions, actions following automated investigation, and live response actions.

The following table lists remediation actions that are available:

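| Source | Action |
|---|---|
| Automated investigations | Quarantine a file |
| Automated investigations | Remove a registry key |
| Automated investigations | Kill a process |
| Automated investigations | Stop a service |
| Automated investigations | Disable a driver |
| Automated investigations | Remove a scheduled task |
| Manual response actions | Run antivirus scan |
| Manual response actions | Isolate device |
| Manual response actions | Stop and quarantine |
| Manual response actions | Add an indicator to block or allow a file |
| Live response | Collect forensic data |
| Live response | Analyze a file |
| Live response | Run a script |
| Live response | Send a suspicious entity to Microsoft for analysis |
| Live response | Remediate a file |
| Live response | Proactively hunt for threats |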

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team
