.. _automate-security-management-defender-for-endpoint-actions:

Automate - Security Management - Defender for Endpoint Actions
--------------------------------------------------------------





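Dashboard for Defender for Endpoint actions and endpoint management. It links
to the incident, alert and device lists and to the bulk device action forms
(scan, isolation, offboarding, code execution restriction, investigation
package collection, and stop and quarantine file). The list of initiated
actions and their status is available under View and Manage Machine Actions.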




.. raw:: latex



  


   \sphinxstylestrong{Links}

   \begin{itemize}
    
    \item \sphinxstylestrong{ Incident and Alert Actions }
    
    \begin{itemize}
    
    \item \sphinxstylestrong{Link Text:} View Incidents
    \item \sphinxstylestrong{Type:} device/msgraphsecurity/Incident
    \item \sphinxstylestrong{Display:} list
    
    \item \sphinxstylestrong{Filter Options:} []
    
    
    
    
    
    \item \sphinxstylestrong{Description:} View Microsoft Security incidents in the system and view further details about incidents
    
    \item \sphinxstylestrong{Link Text:} View Alerts
    \item \sphinxstylestrong{Type:} device/msgraphsecurity/Alert
    \item \sphinxstylestrong{Display:} list
    
    \item \sphinxstylestrong{Filter Options:} []
    
    
    
    
    
    \item \sphinxstylestrong{Description:} View Microsoft Security Alerts in the system for the selected hierarchy and view further details about alerts
       
    \end{itemize}
    \item \sphinxstylestrong{ Device Actions }
    
    \begin{itemize}
    
    \item \sphinxstylestrong{Link Text:} View Devices
    \item \sphinxstylestrong{Type:} device/mssecurity/Machine
    \item \sphinxstylestrong{Display:} list
    
    \item \sphinxstylestrong{Filter Options:} []
    
    
    
    
    
    \item \sphinxstylestrong{Description:} View device information for selected hierarchy as reported by the Microsoft Security machine objects
    
    \item \sphinxstylestrong{Link Text:} View and Manage Machine Actions
    \item \sphinxstylestrong{Type:} relation/MachineAction
    \item \sphinxstylestrong{Display:} list
    
    \item \sphinxstylestrong{Filter Options:} []
    
    
    
    
    
    \item \sphinxstylestrong{Description:} View list of actions initiated and status for devices
    
    \item \sphinxstylestrong{Link Text:} Bulk Actions
    \item \sphinxstylestrong{Type:} view/DefenderBulkActions
    \item \sphinxstylestrong{Display:} form
    
    \item \sphinxstylestrong{Filter Options:} []
    
    
    
    
    
    \item \sphinxstylestrong{Link Text:} Initiate Scan on Device(s)
    \item \sphinxstylestrong{Type:} view/DefenderBulkActions
    \item \sphinxstylestrong{Display:} form
    
    \item \sphinxstylestrong{Filter Options:} []
    
    
    
    \item \sphinxstylestrong{Configuration Template:} MicrosoftDefenderBulkAction_Scan
    
    
    
    \item \sphinxstylestrong{Description:} Initiate a scan on one or more devices with the associated type
    
    \item \sphinxstylestrong{Link Text:} Manage Isolation of Device(s)
    \item \sphinxstylestrong{Type:} view/DefenderBulkActions
    \item \sphinxstylestrong{Display:} form
    
    \item \sphinxstylestrong{Filter Options:} []
    
    
    
    \item \sphinxstylestrong{Configuration Template:} MicrosoftDefenderBulkAction_Isolation
    
    
    
    \item \sphinxstylestrong{Description:} Choose to isolate or unisolate on one or more devices with the associated type
    
    \item \sphinxstylestrong{Link Text:} Offboard Device(s)
    \item \sphinxstylestrong{Type:} view/DefenderBulkActions
    \item \sphinxstylestrong{Display:} form
    
    \item \sphinxstylestrong{Filter Options:} []
    
    
    
    \item \sphinxstylestrong{Configuration Template:} MicrosoftDefenderBulkAction_Offboard
    
    
    
    \item \sphinxstylestrong{Description:} Initiate offboarding of one or more devices from the system
    
    \item \sphinxstylestrong{Link Text:} Manage code execution on device(s)
    \item \sphinxstylestrong{Type:} view/DefenderBulkActions
    \item \sphinxstylestrong{Display:} form
    
    \item \sphinxstylestrong{Filter Options:} []
    
    
    
    \item \sphinxstylestrong{Configuration Template:} MicrosoftDefenderBulkAction_Code
    
    
    
    \item \sphinxstylestrong{Description:} Restrict or unrestrict code execution on one or more devices
    
    \item \sphinxstylestrong{Link Text:} Collect investigation from device(s)
    \item \sphinxstylestrong{Type:} view/DefenderBulkActions
    \item \sphinxstylestrong{Display:} form
    
    \item \sphinxstylestrong{Filter Options:} []
    
    
    
    \item \sphinxstylestrong{Configuration Template:} MicrosoftDefenderBulkAction_Collect
    
    
    
    \item \sphinxstylestrong{Description:} Collect investigation Package from one or more devices
    
    \item \sphinxstylestrong{Link Text:} Stop and Quarantine File on device(s)
    \item \sphinxstylestrong{Type:} view/DefenderBulkActions
    \item \sphinxstylestrong{Display:} form
    
    \item \sphinxstylestrong{Filter Options:} []
    
    
    
    \item \sphinxstylestrong{Configuration Template:} MicrosoftDefenderBulkAction_Quarantine
    
    
       
    \end{itemize}   
   \end{itemize}



   \sphinxstylestrong{Charts}
   \begin{itemize}
   
   
   \item \sphinxstylestrong{ Device Count by Exposure }
   \begin{itemize}
   \item \sphinxstylestrong{Description:} Count of machines by exposure level
   \item \sphinxstylestrong{Type:} chart-pie 
    \item \sphinxstylestrong{Resource:} Defender Devices
    
    \end{itemize}
   
   \item \sphinxstylestrong{ Device Count by Status }
   \begin{itemize}
   \item \sphinxstylestrong{Description:} Count of machine actions by type of action
   \item \sphinxstylestrong{Type:} chart-pie 
    \item \sphinxstylestrong{Resource:} Defender Devices
    
    \end{itemize}
   
   \item \sphinxstylestrong{ Action Count by Type }
   \begin{itemize}
   \item \sphinxstylestrong{Description:} Count of machine actions by type of action
   \item \sphinxstylestrong{Type:} chart-pie 
    \item \sphinxstylestrong{Resource:} Defender Actions
    
    \end{itemize}  
 
   \end{itemize}






   \sphinxstylestrong{Tables}
   \begin{itemize}
     
     
     \item \sphinxstylestrong{ Action Counts by machine - Top 10 } 
     \begin{itemize}
     \item \sphinxstylestrong{Resource:} Defender Actions
     \item \sphinxstylestrong{drilldown-modelType:} N/A
     
     
      \item \sphinxstylestrong{Fields:} Machine DNS Name
      
      

      \end{itemize}   
   \end{itemize}

  


   
  
  



.. raw:: html

   
    <h3>Links</h3>

      
    <table class="panel-table"><tbody>
       <tr>
       <th colspan=8 style="text-align:center">Incident and Alert Actions</th>
       </tr>
       <tr>
       <th>Link Text</th><th>Type</th><th>Display</th><th>Filter Options</th><th>Field Display Policy</th><th>Configuration Template</th><th>Condition</th><th>Description</th>
       </tr>
       
       <tr>
       <td>
       
       <a href="../ms-defender-for-endpoint.html">View Incidents</a>
       
       </td>
       <td>device/msgraphsecurity/Incident</td>
       <td>list</td>
       <td>[]</td>
       <td></td>
       <td></td>
       <td></td>
       <td>View Microsoft Security incidents in the system and view further details about incidents</td>
       </tr>
       <tr>
       <td>
       
       View Alerts
       
       </td>
       <td>device/msgraphsecurity/Alert</td>
       <td>list</td>
       <td>[]</td>
       <td></td>
       <td></td>
       <td></td>
       <td>View Microsoft Security Alerts in the system for the selected hierarchy and view further details about alerts</td>
       </tr>   
    </tbody></table>
    <table class="panel-table"><tbody>
       <tr>
       <th colspan=8 style="text-align:center">Device Actions</th>
       </tr>
       <tr>
       <th>Link Text</th><th>Type</th><th>Display</th><th>Filter Options</th><th>Field Display Policy</th><th>Configuration Template</th><th>Condition</th><th>Description</th>
       </tr>
       
       <tr>
       <td>
       
       <a href="../ms-defender-for-endpoint.html">View Devices</a>
       
       </td>
       <td>device/mssecurity/Machine</td>
       <td>list</td>
       <td>[]</td>
       <td></td>
       <td></td>
       <td></td>
       <td>View device information for selected hierarchy as reported by the Microsoft Security machine objects</td>
       </tr>
       <tr>
       <td>
       
       View and Manage Machine Actions
       
       </td>
       <td>relation/MachineAction</td>
       <td>list</td>
       <td>[]</td>
       <td></td>
       <td></td>
       <td></td>
       <td>View list of actions initiated and status for devices</td>
       </tr>
       <tr>
       <td>
       
       <a href="../ms-defender-for-endpoint.html">Bulk Actions</a>
       
       </td>
       <td>view/DefenderBulkActions</td>
       <td>form</td>
       <td>[]</td>
       <td></td>
       <td></td>
       <td></td>
       <td></td>
       </tr>
       <tr>
       <td>
       
       <a href="../ms-defender-for-endpoint.html">Initiate Scan on Device(s)</a>
       
       </td>
       <td>view/DefenderBulkActions</td>
       <td>form</td>
       <td>[]</td>
       <td></td>
       <td>MicrosoftDefenderBulkAction_Scan</td>
       <td></td>
       <td>Initiate a scan on one or more devices with the associated type</td>
       </tr>
       <tr>
       <td>
       
       <a href="../ms-defender-for-endpoint.html">Manage Isolation of Device(s)</a>
       
       </td>
       <td>view/DefenderBulkActions</td>
       <td>form</td>
       <td>[]</td>
       <td></td>
       <td>MicrosoftDefenderBulkAction_Isolation</td>
       <td></td>
       <td>Choose to isolate or unisolate on one or more devices with the associated type</td>
       </tr>
       <tr>
       <td>
       
       <a href="../ms-defender-for-endpoint.html">Offboard Device(s)</a>
       
       </td>
       <td>view/DefenderBulkActions</td>
       <td>form</td>
       <td>[]</td>
       <td></td>
       <td>MicrosoftDefenderBulkAction_Offboard</td>
       <td></td>
       <td>Initiate offboarding of one or more devices from the system</td>
       </tr>
       <tr>
       <td>
       
       <a href="../ms-defender-for-endpoint.html">Manage code execution on device(s)</a>
       
       </td>
       <td>view/DefenderBulkActions</td>
       <td>form</td>
       <td>[]</td>
       <td></td>
       <td>MicrosoftDefenderBulkAction_Code</td>
       <td></td>
       <td>Restrict or unrestrict code execution on one or more devices</td>
       </tr>
       <tr>
       <td>
       
       <a href="../ms-defender-for-endpoint.html">Collect investigation from device(s)</a>
       
       </td>
       <td>view/DefenderBulkActions</td>
       <td>form</td>
       <td>[]</td>
       <td></td>
       <td>MicrosoftDefenderBulkAction_Collect</td>
       <td></td>
       <td>Collect investigation Package from one or more devices</td>
       </tr>
       <tr>
       <td>
       
       <a href="../ms-defender-for-endpoint.html">Stop and Quarantine File on device(s)</a>
       
       </td>
       <td>view/DefenderBulkActions</td>
       <td>form</td>
       <td>[]</td>
       <td></td>
       <td>MicrosoftDefenderBulkAction_Quarantine</td>
       <td></td>
       <td></td>
       </tr>   
    </tbody></table>   

  



.. raw:: html


   <h3>Charts</h3>

   <table class="panel-table">
     <thead>
     <tr>
     <th colspan=4  style="text-align:center">CHARTS</th>
     </tr>
     <tr>
     <th>Title</th><th>Type</th><th>Resource</th><th>Description</th>
     </tr>
     </thead>
     <tbody>
     <tr>
          <td>Device Count by Exposure</td>
          <td>chart-pie</td>
	  
	  <td><a href="#">Defender Devices</a></td>
	  
	  
	  
           <td>Count of machines by exposure level</td>
      
     </tr>
     
     <tr> 
          <td>Device Count by Status</td>
          <td>chart-pie</td>
	  
	  <td><a href="#">Defender Devices</a></td>
	  
	  
	  
           <td>Count of machine actions by type of action</td>
      
     </tr>
     
     <tr> 
          <td>Action Count by Type</td>
          <td>chart-pie</td>
	  
	  <td><a href="#">Defender Actions</a></td>
	  
	  
	  
           <td>Count of machine actions by type of action</td>
      
     </tr>   
   </tbody></table>

  


.. raw:: html

   <h3>Tables</h3>
  
   <table class="panel-table">
     <thead>
     <tr>
     <th colspan=4  style="text-align:center">TABLES</th>
     </tr>
     <tr>
     <th>Title</th><th>Resource</th><th>Fields</th><th>Drill-down</th>
     </tr>
     </thead>
     <tbody>
     <tr> <td>Action Counts by machine - Top 10</td>
	  
          <td><a href="#">Defender Actions</a></td>
	  
	  
	  
          <td>
           
           Machine DNS Name <br>
         </td>
          <td>drilldown-modelType: N/A</td>
      
     </tr>   
   </tbody></table>



  

