User Profile
johnengels
Joined 6 years ago
Recent Discussions
Re: Automate pending actions
Joachim83 - ZAP does automatically act on emails and is the source of many of these alerts. ZAP will perform the action chosen for that threat in the appropriate policy - so if you have phish set to junk, ZAP will auto-junk it. However, there are cases where ZAP may not remediate the email - e.g. emails that were over 48 hours old with the malicious URL/file, phish emails where the user/organization had 'override policies' (e.g. safe sender, safe domain, ETRs, etc.), plus emails from similar emails but with different malicious links/files that don't get identified.

I definitely hear your request for clearer needed actions. For the moment we want to make sure admins review and give us feedback when they disagree with aspects of the investigation. As Evald said - if you simply ignore the investigations they'll expire. Safe Links does auto-block the links today if you're applying the policy to your users - the action from the investigation is redundant right now.

I'd suggest you definitely review any 'User compromise' and 'URL verdict change' investigation at a minimum. These are high severity because they are situations where the user may be compromised - so the other details in the investigation are particularly worth reviewing (user evidence, bad URLs, etc.).