Forum Discussion
Solved
Approve pending actions in Microsoft 365 Defender
Hello, we are managing Sentinel deployments for customers. The Sentinel deployments are managed via Azure Lighthouse, so we see all deployments/incidents in one place. This way we also never login...
slaimer There does not appear to be a way in a playbook (nor a REST API that can be called) that will update an investigation. Seems strange since you can do so many other commands like list and cancel an action.
Looks like the best you could is to start a new investigation that would not require approval and cancel the original one. Not a great solution overall though.
Hello GaryBushey, thank you for your response.
Are you referring to this commands? https://docs.microsoft.com/en-us/graph/api/resources/securityaction
Yes. I could not find any other ones.