Merge pull request #4784 from anunesms/patch-11

Update remediation-actions.md

Author: padmagit77

ATPDocs/remediation-actions.md

@@ -35,34 +35,30 @@ To perform any of the [supported actions](#supported-actions), you need to:
 
 The following Defender for Identity actions can be performed on Identities:
 
-- **Disable user in Active Directory** - This temporarily prevents a user from signing in to the on-premises network. This can help prevent compromised users from moving laterally and attempting to exfiltrate data or further compromise the network.
+| Remediation Action  | Description     |          Scope                        | 
+| ------------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
+|Disable user                 | This temporarily prevents a user from signing in. This can help prevent compromised users from moving laterally and attempting to exfiltrate data or further compromise the network. | Active Directory, Entra ID and Okta
+|Enable user              | Enable a user to sign in. | Active Directory, Entra ID and Okta
+|Revoke all Users' sessions       | Revoke a user's active sessions. | Entra ID and Okta
+|Confirm user compromised      | The user's risk level is set to High | Entra ID
+| Reset user password| This prompts the user to change their password on the next logon, ensuring that this account can't be used for further impersonation attempts| Active Directory
+|Deactivate user in Okta | This action can be used when a non-legit malicious account was detected, to deactivate the account permanently | Okta
+| Set user risk to High/Medium/Low |Set one user risk scoring to one of the defined levels. This action will only be available if [Risk Scoring](https://help.okta.com/en-us/Content/Topics/Security/Security_Risk_Scoring.htm) feature is enabled | Okta
 
-- **Reset user password** - This prompts the user to change their password on the next logon, ensuring that this account can't be used for further impersonation attempts.
-
-- **Mark User Compromised** - The user's risk level is set to High.
-
-- **Suspend User in Entra ID** - Block new sign-ins and access to cloud resources.
-
-- **Require User to Sign In Again** - Revoke a user's active sessions.
-
-- **Suspend User in Okta** - Temporarily disables a user account. This action can be used when a legit user account was found to be compromised and needed to be disabled.
-
-- **Deactivate User in Okta** - This action can be used when a non-legit malicious account was detected, to deactivate the account permanently.
 
 Depending on your Microsoft Entra ID roles, you might see additional Microsoft Entra ID actions, such as requiring users to sign in again and confirming a user as compromised. For more information, see [Remediate risks and unblock users](/entra/id-protection/howto-identity-protection-remediate-unblock).
 
 ## Roles and Permissions
 
-| Action | XDR RBAC permissions      |
-| ------------------------------------- | ------------------------------------------------------------ |
-|Mark User Compromised                  | - Global Administrator <br> - Security Administrator|
-|Suspend User in Entra ID               | - Global Administrator |
-|Require User to Sign In Again          | - Global Administrator <br>|
-| Disable/Enable User in Active Directory | Refer to [Required permissions Defender for Identity in Microsoft Defender XDR](/defender-for-identity/role-groups#required-permissions-defender-for-identity-in-microsoft-defender-xdr)|
-| Force Password Reset in Active Directory | Refer to [Required permissions Defender for Identity in Microsoft Defender XDR](/defender-for-identity/role-groups#required-permissions-defender-for-identity-in-microsoft-defender-xdr)|
-| Suspend User in Okta | A custom role defined with permissions for Response (manage) Or One of the following Microsoft Entra roles: <br> - Security Operator <br> - Security Administrator <br> - Global Administrator|
-| Deactivate User in Okta | A custom role defined with permissions for Response (manage) Or One of the following Microsoft Entra roles: <br> - Security Operator <br> - Security Administrator <br> - Global Administrator|
-
+| Remediation Action | Active Directory  |Entra ID   | Okta  |
+|--|--|--|--|
+| Disable user | Refer to [Required permissions Defender for Identity in Microsoft Defender XDR](/defender-for-identity/role-groups#required-permissions-defender-for-identity-in-microsoft-defender-xdr) | - Global Administrator <br> - Security Administrator  | A custom role defined with permissions for Response (manage) or one of the following Microsoft Entra roles: <br> - Security Operator <br> - Security Administrator <br> - Global Administrator |
+| Enable user | Refer to [Required permissions Defender for Identity in Microsoft Defender XDR](/defender-for-identity/role-groups#required-permissions-defender-for-identity-in-microsoft-defender-xdr) | Global Administrator | A custom role defined with permissions for Response (manage) or one of the following Microsoft Entra roles: <br> - Security Operator <br> - Security Administrator <br> - Global Administrator |
+| Revoke all Users' sessions |N\A  | Global Administrator | A custom role defined with permissions for Response (manage) or one of the following Microsoft Entra roles: <br> - Security Operator <br> - Security Administrator <br> - Global Administrator |
+| Confirm user compromised |N\A  |  - Global Administrator <br> -Security Administrator | N/A|
+| Reset user password | Refer to [Required permissions Defender for Identity in Microsoft Defender XDR](/defender-for-identity/role-groups#required-permissions-defender-for-identity-in-microsoft-defender-xdr) | N\A | N\A
+| Deactivate user in Okta  | N\A | N\A | A custom role defined with permissions for Response (manage) or one of the following Microsoft Entra roles: <br> - Security Operator <br> - Security Administrator <br> - Global Administrator
+|  Set User risk to High/Medium/Low  | N\A | N\A | A custom role defined with permissions for Response (manage) or One of the following Microsoft Entra roles: <br> - Security Operator <br> - Security Administrator <br> - Global Administrator
 
 ## Related videos