You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-office-365/remediate-malicious-email-delivered-office-365.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -31,7 +31,7 @@ Remediation means to take a prescribed action against a threat. Malicious email
31
31
-**Organization limits**: The maximum number of active, concurrent email remediations is 50. Once the limit is reached, no new remediations are triggered until some actions are completed.
32
32
-**Email message limits**: If an active remediation involves more than one million email messages, no new email remediations are allowed.
33
33
-**Recipient requirements in remediations**:
34
-
- The total percentage of selected recipients must be at least 40% of the total email message count in the remediation. If the remediation requires the deletion of 5,000 email messages, the remediation must target at least 2,000 recipients. Explorer (Threat Explorer) counts each recipient as a unique email message. For example, Threat Exporer counts a message sent to 5 addresses as 5 messages.
34
+
- The total percentage of selected recipients must be at least 40% of the total email message count in the remediation. If the remediation requires the deletion of 5,000 email messages, the remediation must target at least 2,000 recipients. Explorer (Threat Explorer) counts each recipient as a unique email message. For example, Threat Explorer counts a message sent to 5 addresses as 5 messages.
35
35
- If the recipient count is less than 40% of the total email message count, the remediation can't be used to delete more than 1,000 messages that were sent to a single recipient.
36
36
37
37
- You need to be assigned permissions before you can do the procedures in this article. Admins can take the required action on email messages, but the **Search and Purge** role is required to get those actions approved. To assign the **Search and Purge** role, you have the following options:
@@ -77,7 +77,7 @@ Unified Action Center shows remediation actions for the past 30 days. Actions ta
77
77
78
78
Open any remediation item to view details about it, including its remediation name, approval ID, Investigation ID, creation date, description, status, action source, action type, decided by, status. It also opens a side pane with action details, email cluster details, alert, and Incident details.
79
79
80
-
-**Open Investigation page**: Opens an admin investigation that contains fewer details and tabs. It shows details like: related alert, entity selected for remediation, action taken, remediation status, entity count, logs, and approver of action. Tracks an investigation manually done by the admin manually and contains details to selections made by the admin. There's no need to act on the investigation and alert (it's already in the Approved state).
80
+
-**Open Investigation page**: Opens an admin investigation that contains fewer details and tabs. It shows details like: related alert, entity selected for remediation, action taken, remediation status, entity count, logs, and approver of action. Tracks an investigation manually done by the admin and contains details to selections made by the admin. There's no need to act on the investigation and alert (it's already in the Approved state).
81
81
-**Email count**: Displays the number of email messages submitted through Explorer. These messages can be actionable or not actionable.
82
82
-**Action logs**: Shows the details of remediation status like successful, failed, and already in destination.
0 commit comments