Monitor the detection phase
When a policy is run, a large amount of data is analyzed to identify anomalies (matched items), which are then alerted and reported. The time required for detection depends on several factors, such as the amount of data stored in your tenant, so no estimate can be provided.
Monitor the remediation phase
After the remediation has started, it is possible to monitor its execution, understand the activities in progress, and analyze any failed remediation.
Where and how can I monitor the progress?
Remediating means executing the Workflow associated with a policy to resolve the matched items that have been detected.
It is possible to monitor the execution of the Workflows from two separate sections:
- The “Task notifications” panel
- The “Operational view”
Remember: it is possible to analyze the executed Workflow for each individual matched item.
1. From the Task notification panel
To monitor the successful execution of a remediation action, simply open the "Task notification" panel by clicking on the bell icon in the top bar menu.
In the panel, you will find a notification for each item that needs to be remediated.
For example, if you run a remediation for a policy with 12 detected matched items, you will see 12 notifications in the panel. This allows you to check the status and outcome of each executed Workflow.
Remember that when you “run a remediation” it means you are executing the Workflow associated with the policy.
Read more about how remediation is performed.
2. From the “Operational view”
You can also monitor the Workflow execution history from the “Operational view”. When you access it, you will see a snapshot from the following widgets:
- Workflow progress by policy
- Recently failed Workflows
- Recently succeeded Workflows
If you need more information to investigate them, such as understanding why one or more Workflows failed, you can click on “See details” to obtain the full report for each widget.
The "Workflow progress by policy" report provides a comprehensive overview of the execution status of each policy, showing you the number of Workflows that have succeeded, failed, are pending, and more.
Clicking “See details” and selecting a value reveals the “Execution” list from the Workflow section.
Workflows are not included in the Essentials solution.
Under "Recently failed" you can access the list of Workflows that have failed. By clicking on a Workflow title, you can investigate the execution history details for each action included in the Workflow and understand why it has failed.
Status “In progress”
If the status stays as “In progress” for days, it's likely because the remediation action for that policy requires an attestation. In this case, the remediation will not be completed until the recipient responds to the email or the timeout days expire.