cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Action Center showing a lot of Failed status

HathMH
Copper Contributor

‎Aug 04 2022 07:17 AM

‎Aug 04 2022 07:17 AM

Action Center showing a lot of Failed status

So I have assumed responsibility of the MS 365 Defender security role. I was going through the Action Center history and found some alarming things. Almost all of the automated actions have failed for an unknown length of time. I have gone as far back as the past 30 days. Every Automated email action has a Failed status when not specifically listing an status or entity in the 'Decision' or 'Decided by' columns.

HathMH_0-1659622052007.png

 

 

Of those that failed, i can on them individually and choose to 'Open in Explorer' and there I can then select all and go for the soft delete action. But that is getting tedious to have to do that for every action, we are talking literally thousands.

 

What is the cause of this and how do I fix it?

Labels:
4,227 Views
0 Likes
15 Replies
Reply
15 Replies
Heike Ritter

‎Aug 12 2022 10:57 AM

‎Aug 12 2022 10:57 AM

Re: Action Center showing a lot of Failed status

It's difficult to tell what kind of issue this is. It might be helpful to have a support ticket open to research this further. In the meantime, you could select one of those failed actions to view the side-panel page. On this page there should be a section titled latest delivery action. This section would say whether e-mails remain in mailboxes by providing a count and would be a good indicator of the current status of the emails.
1 Like
Reply
HathMH

‎Aug 16 2022 06:20 AM - edited ‎Aug 16 2022 06:21 AM

‎Aug 16 2022 06:20 AM - edited ‎Aug 16 2022 06:21 AM

Re: Action Center showing a lot of Failed status

Unfortunately, there is no Latest delivery column. I think that is is Email Explorer.
I do have a support ticket in, but there has been no response for over a week now. Not impressed with the Microsoft customer support.

0 Likes
Reply
Heike Ritter

‎Aug 16 2022 04:32 PM

‎Aug 16 2022 04:32 PM

Re: Action Center showing a lot of Failed status

I sent you a DM
0 Likes
Reply
Mela

‎Aug 23 2022 10:50 PM

‎Aug 23 2022 10:50 PM

Re: Action Center showing a lot of Failed status

Hi @HathMH and @Heike Ritter 

 

Is there a solution on this?

We are experience the same issues.

 

Br

Mela

0 Likes
Reply
HathMH

‎Aug 24 2022 12:15 PM

‎Aug 24 2022 12:15 PM

Re: Action Center showing a lot of Failed status

I've heard nothing from MS for over a week now. No resolution yet, but I was told there are many others that have reported this issue.
1 Like
Reply
Heike Ritter

‎Aug 25 2022 10:00 AM

‎Aug 25 2022 10:00 AM

Re: Action Center showing a lot of Failed status

I have escalated it internally again. It's already with an escalation engineer and hopefully you hear back soon. keep me updated
1 Like
Reply
johos

‎Aug 30 2022 08:18 AM

‎Aug 30 2022 08:18 AM

Re: Action Center showing a lot of Failed status

Hi! I have the same issue and will file a ticket with the support right away regarding this. Please let me know if there is any resolution for this.
0 Likes
Reply
Bowserkb

‎Sep 27 2022 06:15 AM

‎Sep 27 2022 06:15 AM

Re: Action Center showing a lot of Failed status

Anyone get a resolution on this? We have a lot of timed out decision and automated email action failures. 

0 Likes
Reply
Mela

‎Sep 27 2022 06:53 AM

‎Sep 27 2022 06:53 AM

Re: Action Center showing a lot of Failed status

Hi @Bowserkb 

 

Unfortunately no, I have a case Open since two Weeks and it was escalate also to 2 Level, but every Mail they send me, are still asking what happen and if I can reproduce it :facepalm:..... just unbelievable Bad this Support. 

 

1 Like
Reply
richrico

‎Sep 27 2022 09:46 AM

‎Sep 27 2022 09:46 AM

Re: Action Center showing a lot of Failed status

This could be because whoever was initially responsible for it didn't approve them for the automation action to continue. Although the remediation is automated, the administrator sometimes need to approve or deny the remediation action in the pending column of the Action Center. It times out when that is not done.
0 Likes
Reply
HathMH

‎Sep 27 2022 11:57 AM

‎Sep 27 2022 11:57 AM

Re: Action Center showing a lot of Failed status

Yes, every morning (and several times thru the day) I open up Action Center and go through the list to approve all action items. Up until a couple months ago, there used to be 100+ items to approve. Lately though, there's maybe a dozen or so if any at all. Most morning there is nothing. The support ticket has been in for a bit of time, it's been moved up to an engineer team i think. They say it may just be a UI issue. When the action items show a fail status, the automated action is still done as the emails are remediated. However, this issue along with automated actions no longer appearing in my pending list wrecks havoc on my metrics. All those that previously showed but no more are not being listed correctly in my remediated monthly metrics. Still waiting on MS to resolve this.
0 Likes
Reply
Mela

‎Sep 27 2022 11:39 PM

‎Sep 27 2022 11:39 PM

Re: Action Center showing a lot of Failed status

@HathMH 

I am totally agree, I was receiving also every day someone actions to approve, and now, since day.... no one...  As Security Administrator this will be a great day when I do not receive any "Attack"... but I Don't think this is the case :sad:

0 Likes
Reply
HathMH

‎Sep 28 2022 06:59 AM

‎Sep 28 2022 06:59 AM

Re: Action Center showing a lot of Failed status

Yep, I thought it was weird as well, then I looked in the history and saw all the failed status.
0 Likes
Reply
Mela

‎Oct 19 2022 10:16 PM

‎Oct 19 2022 10:16 PM

Re: Action Center showing a lot of Failed status

@HathMH 

 

after a loong way with a MS Ticket, they confirm me that a Fix has been deployed and will reach World Wide deployment in around 2 weeks. 

0 Likes
Reply
Mela

‎Nov 02 2022 02:37 AM

‎Nov 02 2022 02:37 AM

Re: Action Center showing a lot of Failed status

@HathMH 

 

The Fix is in place.... we are getting now the status "Skipped".

 

When open the investigation page you can see in the Logs, only the "Soft delete email" Step with the Status "Skipped - The action wasn't needed, and the investigation proceeded." but the Investigation Status is "Remediated"

 

and When checking the Email Trace you can see the Email was delivered in the JunkFolder

 

But if you go to the Email Entitie, you can see tow steps, 

- Junk Email folder - Delivered to junk

-Success: Message moved to quarantine

and checking the quarantine... is right the Emails was moved there.

 

... so, in my Opinion should be a "Success" instead of "Skipped"... but is better as "Failed" :xd: 

 

0 Likes
Reply