Announcement ID | MC788953 | Published Date | 04-29-2024 | |
Service | Microsoft365Defender | Last Updated | 07-05-2024 | |
Category | Stay informed | Expiration Date | 08-05-2024 | |
Roadmap ID | 393937 | Action Required by Date | ||
Tags | Admin impact, Feature update |
Summary |
---|
Microsoft Defender for Office 365 has introduced a new feature called Take action wizard in Threat Explorer, allowing execution of multiple response actions simultaneously. This enhancement aids in efficient threat remediation, supporting actions like email purging, inline submissions, and Tenant level block actions for up to 100 messages. Rollout began in mid-April 2024 and will complete by late June 2024. Users need the Search and Purge role to perform email purge actions. |
More Information |
---|
Microsoft Defender for Office 365 now allows the execution of several response actions simultaneously through the Take action wizard in Threat Explorer/Real-time detections. Many security analyst teams use Threat Explorer to execute bulk email remediation actions, and we're enhancing this capability with an improved Take action feature. This feature facilitates a more streamlined and efficient remediation of threats. With the new Take action wizard, you can perform multiple actions such as purging emails, inline submissions, triggering investigations, and Tenant level block actions together in a single wizard for up to 100 messages. Moreover, you can take Tenant level block URL/file actions directly from Threat Explorer. Alternatively, if you want to perform bulk email remediation for more than 100 messages, this new wizard will enable you to do that in an organized manner. Some of the actions are not available based on the current location of the message, but if there is a conflict, the new experience gives more options and power through toggles. SecOps can use the toggle choices to turn them on or off as desired and take the proper action.
When this will happen:
General Availability (Worldwide): Rollout began in mid-April 2024 and is expected to complete by late June 2024.
General Availability (GCC): On-hold.
How this will affect your organization:
If you are part of the Security Operations team and use Microsoft Defender for Office 365 email remediation features, the following are the enhancements for the email entity page and email summary panel:
The available actions in the Take action wizard in Threat Explorer (Defender for Office 365 Plan 2) and Real-time detections (Defender for Office 365 Plan 1) are listed in the following:
Action under Threat Explorer
Action under Real-time Detections
¹ This action requires the Search and Purge role in Email & collaboration permissions. By default, this role is assigned only to the Data Investigator and Organization Management role groups. You can add users to those role groups, or you can create a new role group with the Search and Purge role assigned and add the users to the custom role group.
What you need to do to prepare:
To perform email purge actions from the email entity page, you are required to have the Search and Purge role, as well as the necessary permissions within the Microsoft 365 Defender portal. |
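One way to review and delegate the Search and Purge role described in the footnote, using Security & Compliance PowerShell. This is an added example, not part of the original announcement or Microsoft's own script. The admin account, the role group name `MDO Purge Analysts` and the member address are placeholders chosen for illustration.

```powershell
# Added example: audit who holds "Search And Purge" and delegate it through a
# dedicated role group (Security & Compliance PowerShell).
# Requires the ExchangeOnlineManagement module. All names below are placeholders.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession -UserPrincipalName 'admin@contoso.example'   # placeholder admin account

$roleName  = 'Search And Purge'
$groupName = 'MDO Purge Analysts'              # hypothetical custom role group name
$analysts  = @('analyst1@contoso.example')     # placeholder analyst accounts

# 1. List every role group that carries the role, with its current members.
#    By default this should show only Data Investigator and Organization Management.
$holders = Get-RoleGroup | Where-Object { $_.Roles -like "*$roleName*" }
foreach ($rg in $holders) {
    Get-RoleGroupMember -Identity $rg.Name |
        Select-Object @{ n = 'RoleGroup'; e = { $rg.Name } }, Name, RecipientType
}

# 2. Grant purge rights through a role group that holds only this role, so
#    analysts do not inherit the wider rights of Organization Management.
if (-not ($holders | Where-Object { $_.Name -eq $groupName })) {
    New-RoleGroup -Name $groupName -Roles $roleName -Members $analysts `
        -Description 'Email purge via the Take action wizard in Threat Explorer'
}
else {
    # The group already exists: print its members for review instead of changing it.
    Write-Output "Role group '$groupName' already exists; current members:"
    Get-RoleGroupMember -Identity $groupName | Select-Object Name, RecipientType
}

Disconnect-ExchangeOnline -Confirm:$false
```

Running step 1 periodically and comparing the output against the expected analyst list surfaces unexpected holders of a role that can delete mail tenant-wide.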