🔥 3-day streak
Microsoft Security Operations Analyst54 / 190
Question 54 of 190

A SOC analyst is reviewing an incident in Microsoft Defender XDR where automated investigation identified a malicious file on three devices assigned to a device group configured with the 'Semi - require approval for all remediation' automation level. The analyst needs to review and approve the recommended remediation actions across all affected devices from a single, centralized location. Where in the Microsoft Defender portal should the analyst go to review and approve these actions in bulk?

Reviewed for accuracy · Report an issueNext question