We are adding the ability to take actions from the email entity page. You can take email remediation actions, create submissions, tenant level block actions (block sender/domain/file/URLs), investigative actions from email entity page. This message is associated with Microsoft 365 Roadmap ID 93295.
We are adding the ability to take actions from the email entity page. You can take email purge actions, create submissions, tenant level block actions (block sender/domain/file/URLs), investigative actions from email entity page.
When this will happen
Standard Release: We will begin rolling out mid-August and expect to complete it by late October.
How this will affect your organization
If you are part of the Security Operations team and use MDO remediation features, the following are the enhancements for the email entity page.
- New “Take action” button in top right corner of the email entity page.
- Clicking on the Take action button will open up a wizard to trigger different type of actions like email purge actions, investigative actions, submissions to Microsoft for further analysis, and block sender/domain.
- You can pick any action you would like to take and follow a few steps to complete the wizard.
- At the end of the flow, you will be able to see and track these actions in the unified action center for email actions, in the Submission portal for submissions, and in TABL page for TABL blocks.
- We are also introducing block URL and block attachments/files under email entity attachments and URLs tab. Select the suspicious file/URL to create a tenant level block list. Upon block rule creation, you will be able to track these under Policies & rules > Threat policies > Tenant Allow/Block List
What you need to do to prepare
You need the “search and purge” role to take email purge actions from email entity page.
More reference: Permissions in the Microsoft 365 Defender portal
Message ID: MC411431
Published: 08 August 2022
Updated: 08 August 2022
Platform: Web, World tenant