Assign incidents and alerts to someone else

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

You can now assign incidents and alerts to someone else in your organization

 

To control and manage incidents and alerts in the organization, sometimes you would need to assign them to a specific analyst. Now you can do that right from the incident queue in Microsoft 365 Defender.

 

How does it work?

 

From the incident or alert side pane in the incident queue or the incident page, select Manage incident/alert and choose the user account you want to assign.

Idan_Pelleg_10-1633262326506.png

 

By default, the first value in the “assign to” drop menu will be yourself (“Me” at the title).

Note that you can choose all users from the organization, but only users with access to the Microsoft 365 Defender portal will be able to view the incident or alert. So, to help you assign the most relevant people in the organization, the rest of the default suggestions you will get are the latest assignees you chose.

Idan_Pelleg_11-1633262337652.png

 

Once the user is assigned, he can filter to see only incidents that are assigned to himself. A SOC manager that dispatches the incident queue can also filter for all unassign incidents or alerts to choose the relevant incident he would like to assign.

 

 

 

 

REMEMBER: these articles are REPUBLISHED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.