
You can now assign incidents and alerts to someone else in your organization


 


To control and manage incidents and alerts in the organization, you sometimes need to assign them to a specific analyst. Now you can do that right from the incident queue in Microsoft 365 Defender.


 


How does it work?


 


From the incident or alert side pane in the incident queue or the incident page, select Manage incident/alert and choose the user account you want to assign.



By default, the first value in the “assign to” drop-down menu is yourself (shown as “Me” in the title).

Note that you can choose any user in the organization, but only users with access to the Microsoft 365 Defender portal will be able to view the incident or alert. So, to help you assign the most relevant people in the organization, the rest of the default suggestions are the latest assignees you chose.



Once a user is assigned, they can filter the queue to see only the incidents that are assigned to them. A SOC manager who dispatches the incident queue can also filter for all unassigned incidents or alerts to choose the relevant incident they would like to assign.
