| Field | Value |
|---|---|
| title | Visit the Action center to see remediation actions |
| description | Use the action center to view details and results following an automated investigation |
| ms.service | defender-endpoint |
| ms.subservice | edr |
| author | denisebmsft |
| ms.author | deniseb |
| ms.localizationpriority | medium |
| manager | deniseb |
| audience | ITPro |
| ms.collection | m365-security, tier3, mde-edr |
| ms.custom | admindeeplinkDEFENDER |
| ms.topic | how-to |
| ms.reviewer | ramarom, evaldm, isco, mabraitm, chriggs |
| search.appverid | met150 |
| ms.date | 02/21/2024 |

Visit the Action center to see remediation actions

During and after an automated investigation, remediation actions for threat detections are identified. Depending on the particular threat and how automated investigation and remediation capabilities are configured for your organization, some remediation actions are taken automatically, and others require approval. If you're part of your organization's security operations team, you can view pending and completed remediation actions in the Action center.

Applies to:

The unified Action center

Recently, the Action center was updated. You now have a unified Action center experience. To access your Action center, go to https://security.microsoft.com/action-center and sign in.

:::image type="content" source="media/mde-action-center-unified.png" alt-text="The Action center page in the Microsoft Defender portal" lightbox="media/mde-action-center-unified.png":::

What's changed?

The following table compares the new, unified Action center to the previous Action center.

| The new, unified Action center | The previous Action center |
|---|---|
| Lists pending and completed actions for devices and email in one location<br/>(Microsoft Defender for Endpoint plus Microsoft Defender for Office 365) | Lists pending and completed actions for devices<br/>(Microsoft Defender for Endpoint only) |
| Is located at:<br/>https://security.microsoft.com/action-center | Is located at:<br/>https://securitycenter.windows.com/action-center |
| In the Microsoft Defender portal, choose Action center.<br/><br/>:::image type="content" source="media/action-center-nav-new.png" alt-text="The navigation pane to the Action Center in the Microsoft Defender portal" lightbox="media/action-center-nav-new.png"::: | In the Microsoft Defender portal, choose Automated investigations > Action center.<br/><br/>:::image type="content" source="media/action-center-nav-old.png" alt-text="An older version of the navigation pane to the Action Center in the Microsoft Defender portal" lightbox="media/action-center-nav-old.png"::: |

The unified Action center brings together remediation actions across Defender for Endpoint and Defender for Office 365. It defines a common language for all remediation actions, and provides a unified investigation experience.

You can use the unified Action center if you have appropriate permissions and one or more of the following subscriptions:

Using the Action center

To get to the unified Action center in the improved Microsoft Defender portal:

  1. Go to the Microsoft Defender portal and sign in.

  2. In the navigation pane, select Action center.

  3. Use the Pending actions and History tabs. The following table summarizes what you'll see on each tab:

    | Tab | Description |
    |---|---|
    | Pending | Displays a list of actions that require attention. You can approve or reject actions one at a time, or select multiple actions if they have the same type of action (such as Quarantine file).<br/><br/>TIP: Make sure to review and approve (or reject) pending actions as soon as possible so that your automated investigations can complete in a timely manner. |
    | History | Serves as an audit log for actions that were taken, such as:<br/>• Remediation actions that were taken as a result of automated investigations<br/>• Remediation actions that were approved by your security operations team<br/>• Commands that were run and remediation actions that were applied during Live Response sessions<br/>• Remediation actions that were taken by threat protection features in Microsoft Defender Antivirus<br/><br/>Provides a way to undo certain actions (see Undo completed actions). |

  4. To customize, sort, filter, and export data in the Action center, take one or more of the following steps:

    :::image type="content" source="media/new-action-center-columnsfilters.png" alt-text="The Action center with Columns and filters" lightbox="media/new-action-center-columnsfilters.png":::

    • Select a column heading to sort items in ascending or descending order.
    • Use the time period filter to view data for the past day, week, 30 days, or 6 months.
    • Choose the columns that you want to view.
    • Specify how many items to include on each page of data.
    • Use filters to view just the items you want to see.
    • Select Export to export results to a .csv file.
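
The following is an added example, not part of the original article or of any Microsoft tooling. It shows one way to triage an exported .csv offline: it groups pending actions by action type (the unit in which they can be approved together) and lists the ones that have waited longer than a threshold. The column names, the ISO 8601 timestamp format, the 24-hour threshold, and the sample rows are all assumptions; adjust them to match the header row of your actual export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed column names; change them to match the header row of your export.
COL_TYPE, COL_STATUS = "Action type", "Status"
COL_TIME, COL_ENTITY = "Action update time", "Entity"

# Constructed sample rows, not real Action center output.
SAMPLE_EXPORT = """\
Action type,Status,Action update time,Entity
Quarantine file,Pending,2024-02-18T09:15:00Z,invoice.exe
Quarantine file,Pending,2024-02-20T22:40:00Z,setup.dll
Stop process,Pending,2024-02-19T03:05:00Z,updater.exe
Quarantine file,Completed,2024-02-17T11:00:00Z,old.exe
Stop process,Pending,,helper.exe
"""

def stale_pending_by_type(csv_text, now, max_age=timedelta(hours=24)):
    """Return {action type: [(entity, age), ...]} for stale pending rows.

    Rows with a missing or unparseable timestamp get age None and sort first.
    """
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get(COL_STATUS) or "").strip().lower() != "pending":
            continue
        raw = (row.get(COL_TIME) or "").strip()
        try:
            ts = datetime.fromisoformat(raw.replace("Z", "+00:00"))
            if ts.tzinfo is None:  # assumption: naive timestamps are UTC
                ts = ts.replace(tzinfo=timezone.utc)
            age = now - ts
        except ValueError:
            age = None  # keep the row so it is reviewed, not silently dropped
        if age is None or age > max_age:
            entity = (row.get(COL_ENTITY) or "").strip()
            groups[(row.get(COL_TYPE) or "").strip()].append((entity, age))
    for items in groups.values():  # unknown ages first, then oldest first
        items.sort(key=lambda it: (it[1] is not None,
                                   -it[1].total_seconds() if it[1] is not None else 0))
    return dict(groups)

if __name__ == "__main__":
    now = datetime(2024, 2, 21, 12, 0, tzinfo=timezone.utc)
    for action, items in stale_pending_by_type(SAMPLE_EXPORT, now).items():
        print(action, [(e, str(a)) for e, a in items])
```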
