Trigger the Microsoft Defender for Endpoint from Configuration Item related list

  • Versão de lançamento: Australia
  • Atualizado 12 de mar. de 2026
  • 1 min. de leitura

    • Trigger a capability profile manually from the configuration item related list.

    Antes de Iniciar

    Role required: sn_si.admin or sn_si.analyst

    Procedimento

    1. Navigate to Security Incidents > Show All Incidents.
    2. Select the security incident that you want to review with the Microsoft Defender for Endpoint information.
    3. Click Show All Related Lists.
    4. Click the Configuration Item related list.
    5. Select the added configuration items.
    6. From the Actions on selected rows, select a capability.
      The selected capability is triggered manually.
    7. Validate the work notes and activities section.
    8. View the tags, and validate the data in the related lists.