Remediation settings and actions

  • Last update on August 5th, 2024

Remediation elements

Remediation can involve alertsactions, and attestations.

Alert

This remediation feature sends an email alert to a stakeholder or manager, prompting them to take necessary action. It serves as a notification to ensure that responsible individuals are aware of the issue and can address it accordingly.

For example, the Out-of-the-box policy “Users without default MFA method” in the Security & Identity playbook will email the user asking them to complete the MFA enrollment process and identify a default authentication method.

Action

A remediation action consists of one or more automatisms that are executed to correct the identified anomalies (matched items). 

For example, the “Admin on Cloud without strong password” policy, included in the Out-of-the-box playbook Security & Identity, is associated with the “Set password required” action. When executed, this action forces admins without a strong password to reset their password with increased complexity.

Learn how to configure predefined policies.

Attestation

During the remediation process, an intermediate action called “attestation” may be required. This step involves engaging a stakeholder or manager to provide confirmation or approval before the remediation can proceed with the next action.

For example, the “Admin on Cloud without strong password” policy, included in the Out-of-the-box Teams Management playbook, provides an attestation and the action “Archive Teams group”.

Learn how to configure an attestation action.

Remember that attestations are actions and are shown in the Workflow, whereas alerts are not shown as they are not actions.