We are excited to announce the new “Take actions” experience in the Email Entity and Email Summary panels. This new experience will allow users to act on threats faster, while also enabling more efficient resolution of issues like False Positives/False Negatives (FP/FN).
In August 2022, we announced similar functionality with the Action wizard being introduced to the Email Entity panel. We then received feedback that users wanted the ability to combine multiple actions together, and wanted this feature to be accessible in the Email Summary panel in addition to the Email Entity panel.
Now, with this rollout, SecOps teams can use the “Take actions” button to chain multiple actions together. Examples of actions that can be combined include purging emails, inline submissions, and tenant-level block actions for URLs or files. To further improve ease of use, we’re making this functionality available in both the Email Entity and Email Summary panels. This simplified workflow can dramatically decrease the number of manual steps and overhead required by SecOps teams to effectively follow up on email threats.
The “Take actions” button will appear in the top-right corner of the Email Entity and Email Summary panels. Clicking this button opens the Action wizard, which provides step-by-step guidance on how to select one action or combine multiple actions. Please note that the actions available to any given user are still subject to the same permission requirements as before, based on their membership/role in the organization.
The aim is to enrich single entity remediation actions by providing the following -
How will action wizard v2 work?
Assuming that the SecOps team has already investigated in the Email Summary panel or Email Entity page and selected the entities they want to remediate, below is a step-by-step process -
NOTE: The actions may take some time to show up in the respective pages due to the process they follow, but this will not impact the current speed of remediation or its functionality. Additionally, there is no change to Threat Explorer and Advanced Hunting remediation options at this point.
Anywhere you find the Email Summary panel or the Email Entity page, you will see the new action experience.
Learn more:
Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum.