Skip to content

Commit 6fa44c3

Browse files
chrisdachrisda
authored
Merge pull request #3793 from MicrosoftDocs/chrisda
Click path and art updates
2 parents cb9998c + d746957 commit 6fa44c3

File tree

2 files changed

+13
-15
lines changed

2 files changed

+13
-15
lines changed

defender-business/mdb-review-remediation-actions.md

Lines changed: 13 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -19,28 +19,26 @@ ms.collection:
1919
- tier1
2020
---
2121

22-
# Review remediation actions in the Action center
22+
# Review remediation actions in the Action Center
2323

2424
As threats are detected, remediation actions come into play. Depending on the particular threat and how your security settings are configured, remediation actions might be taken automatically or only upon approval. Examples of remediation actions include stopping a process from running or removing a scheduled task.
2525

26-
All remediation actions are tracked in the Action center.
26+
All remediation actions are tracked in the Action Center.
2727

28-
:::image type="content" source="/defender/media/defender-business/mdb-actioncenter.png" alt-text="Screenshot of the Action center":::
28+
:::image type="content" source="media/mdb-actioncenter.png" alt-text="Screenshot of the location of the Action Center in the Microsoft Defender portal." lightbox="media/mdb-actioncenter.png":::
2929

3030
**This article describes**:
3131

32-
- [How to use the Action center](#how-to-use-the-action-center)
32+
- [How to use the Action Center](#how-to-use-the-action-center)
3333
- [Remediation actions](#remediation-actions)
3434

35-
## How to use the Action center
35+
## How to use the Action Center
3636

37-
1. Go to the Microsoft Defender portal ([https://security.microsoft.com](https://security.microsoft.com)) and sign in.
37+
1. In the Defender portal at <https://security.microsoft.com>, go to **Actions & submissions** \> **Action Center**. Or, to go directly to the **Action Center** page, use <https://security.microsoft.com/action-center>.
3838

39-
2. In the navigation pane, choose **Action center**.
40-
41-
3. Select the **Pending** tab to view and approve (or reject) any pending actions. Actions can arise from antivirus/antimalware protection, automated investigations, manual response activities, or live response sessions.
42-
43-
4. Select the **History** tab to view a list of completed actions.
39+
2. On the **Action Center** page, use the available tabs:
40+
- **Pending**: View and approve (or reject) any pending actions. Actions on the **Pending** tab can arise from anti-virus protection, anti-malware protection, automated investigations, manual response activities, or live response sessions.
41+
- **History**: View completed actions.
4442

4543
## Remediation actions
4644

@@ -50,10 +48,10 @@ The following table lists remediation actions that are available.
5048

5149
|Source|Actions|
5250
|---|---|
53-
|[Automatic attack disruption](mdb-attack-disruption.md)|- Contain a device <br/>- Contain a user <br/>- Disable a user account|
54-
|[Automated investigations](/defender-endpoint/automated-investigations)|- Quarantine a file<br/> - Remove a registry key<br/> - Kill a process<br/> - Stop a service<br/> - Disable a driver<br/> - Remove a scheduled task|
55-
|[Manual response actions](/defender-endpoint/respond-machine-alerts)|- Run antivirus scan<br/> - Isolate a device<br/> - Add an indicator to block or allow a file|
56-
|[Live response](/defender-endpoint/live-response)|- Collect forensic data<br/> - Analyze a file<br/> - Run a script<br/> - Send a suspicious entity to Microsoft for analysis<br/> - Remediate a file <br/> - Proactively hunt for threats|
51+
|[Automatic attack disruption](mdb-attack-disruption.md)|<ul></li>Contain a device</li><li>Contain a user account on a device</li><li>Disable a user account</ul></li>|
52+
|[Automated investigations](/defender-endpoint/automated-investigations)|<ul></li>Quarantine a file</li><li>Remove a registry key</li><li>Kill a process</li><li>Stop a service</li><li>Disable a driver</li><li>Remove a scheduled task</ul></li>|
53+
|[Manual response actions](/defender-endpoint/respond-machine-alerts)|<ul></li>Run antivirus scan</li><li>Isolate a device</li><li>Add an indicator to block or allow a file</ul></li>|
54+
|[Live response](/defender-endpoint/live-response)|<ul></li>Collect forensic data</li><li>Analyze a file</li><li>Run a script</li><li>Send a suspicious entity to Microsoft for analysis</li><li>Remediate a file</li><li>Proactively hunt for threats</ul></li>|
5755

5856
## Next steps
5957

defender-business/media/mdb-actioncenter.png

12.9 KB
Loading

0 commit comments

Comments
 (0)