Remediation Actions
Close compliance gaps with automated and manual remediation workflows. OpsPilot365 provides prescriptive remediation playbooks for Microsoft 365 configuration issues, impact assessment before applying changes, full audit trails, and rollback capability for every action taken.
Note: Remediation Actions works in conjunction with Drift Detection and Compliance Alerts to provide a closed-loop compliance management workflow. When a compliance gap is identified, a remediation action is created with step-by-step guidance to resolve the issue across one or more managed tenants.
Remediation Overview
| Metric | Value |
|---|---|
| Open Actions | 14 |
| In Progress | 7 |
| Completed (30d) | 89 |
| Rolled Back | 3 |
Remediation Types
- Automated Remediation — One-click or scheduled fixes applied directly through Microsoft Graph API and PowerShell. Includes enabling MFA, configuring Conditional Access, setting mailbox audit logging, enabling BitLocker via Intune, and adjusting SharePoint sharing settings.
- Guided Manual Remediation — Step-by-step instructions with screenshots, portal navigation paths, and configuration values. Used for complex changes requiring client approval.
- Bulk Remediation — Apply the same remediation across multiple tenants simultaneously. Supports rolling deployment with per-tenant progress tracking and automatic pause on failures.
- Scheduled Remediation — Queue actions for execution during maintenance windows. Supports one-time and recurring schedules for drift corrections.
Remediation Playbooks
| Playbook | Controls | Type | Impact |
|---|---|---|---|
| Enable MFA for All Users | IA-2, AC-7 (NIST), 5.2.1 (CIS) | Automated | User sign-in flow change |
| Block Legacy Authentication | AC-17 (NIST), 1.1.1 (CIS) | Automated | May break older mail clients |
| Configure DLP Policies | SC-7 (NIST), CC6.7 (SOC 2) | Guided | May block legitimate sharing |
| Enable Mailbox Auditing | AU-2 (NIST), CC7.2 (SOC 2) | Automated | No user impact |
| Enforce Device Compliance | CM-6 (NIST), 164.312(d) (HIPAA) | Guided | Non-compliant devices blocked |
| Set Audit Log Retention | AU-11 (NIST), A.12.4 (ISO 27001) | Automated | No user impact, storage cost may increase |
Impact Assessment
Before any remediation is applied, OpsPilot365 performs an impact assessment.
- User Impact Analysis — Identifies the number and types of users affected. Highlights admin and service accounts separately.
- Service Impact Analysis — Evaluates which Microsoft 365 services and workloads will be affected. Checks for dependencies between settings.
- Rollback Feasibility — Assesses whether the change can be automatically rolled back. Captures current configuration state as a snapshot.
Warning: High-impact remediation actions that affect user access or service availability require explicit approval before execution. Configure approval workflows in Trust Center Settings to require manager, client, or dual-approval for sensitive changes.
Remediation History and Audit Trail
| Field | Description |
|---|---|
| Action ID | Unique identifier for the remediation action |
| Tenant | Target Microsoft 365 tenant name and ID |
| Playbook | Remediation playbook used, or custom action description |
| Controls Affected | Compliance controls addressed by the remediation |
| Executed By | Technician who initiated or approved the action |
| Timestamp | Execution date and time with timezone |
| Pre-Change Snapshot | Configuration state captured before the change |
| Result | Success, partial success, failed, or rolled back |
| Verification | Post-remediation compliance scan result confirming the fix |
Rollback Capability
- Automatic Snapshots — Before any automated change, current configuration is exported and stored as a JSON snapshot. Retained for 90 days by default.
- One-Click Rollback — Revert any automated remediation to its pre-change state. A verification scan runs automatically after rollback.
- Partial Rollback — For bulk remediation across multiple tenants, roll back individual tenants without affecting others.
Best Practices
- Always review the impact assessment before applying automated remediations to production tenants
- Use scheduled remediation windows for changes that affect user sign-in or service availability
- Test remediation playbooks on a non-production tenant before rolling out across your client portfolio
- Require client approval for high-impact changes through the approval workflow configuration
- Monitor remediation history weekly to track resolution velocity and identify recurring drift
- Keep rollback snapshots for at least the duration of your compliance audit cycle
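The weekly history review and snapshot-retention checks above can be scripted over exported audit-trail records. This is an added example, not OpsPilot365 code: the record key names, the `pass`/`fail` verification values and the sample data are assumptions modelled on the audit-trail fields and the 90-day default retention described on this page.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

SNAPSHOT_RETENTION = timedelta(days=90)  # default retention stated on this page

# Constructed sample records; key names are hypothetical, not the product's schema.
HISTORY = [
    {"action_id": "RA-1001", "tenant": "contoso", "playbook": "Block Legacy Authentication",
     "timestamp": "2024-01-10T02:00:00+00:00", "has_snapshot": True,
     "result": "success", "verification": "pass"},
    {"action_id": "RA-1002", "tenant": "contoso", "playbook": "Block Legacy Authentication",
     "timestamp": "2024-02-20T02:00:00+00:00", "has_snapshot": True,
     "result": "success", "verification": "pass"},
    {"action_id": "RA-1003", "tenant": "fabrikam", "playbook": "Enable Mailbox Auditing",
     "timestamp": "2024-03-01T02:00:00+00:00", "has_snapshot": False,
     "result": "success", "verification": "fail"},
    {"action_id": "RA-1004", "tenant": "fabrikam", "playbook": "Enable MFA for All Users",
     "timestamp": "2024-03-05T02:00:00+00:00", "has_snapshot": True,
     "result": "rolled back", "verification": "pass"},
]

def review(history, audit_cycle_end):
    """Return (subject, finding) pairs that need follow-up before the audit."""
    findings = []
    for rec in history:
        executed = datetime.fromisoformat(rec["timestamp"])
        if not rec["has_snapshot"]:
            # Without a pre-change snapshot the action cannot be rolled back.
            findings.append((rec["action_id"], "no pre-change snapshot"))
        elif executed + SNAPSHOT_RETENTION < audit_cycle_end:
            # Snapshot will be purged before the auditor can ask for it.
            findings.append((rec["action_id"], "snapshot expires before audit cycle ends"))
        if rec["result"] == "success" and rec["verification"] != "pass":
            # The action reported success but the post-remediation scan disagrees.
            findings.append((rec["action_id"], "success not confirmed by verification"))
    # The same playbook re-applied to the same tenant indicates recurring drift.
    runs = Counter((r["tenant"], r["playbook"]) for r in history)
    for (tenant, playbook), count in runs.items():
        if count >= 2:
            findings.append((f"{tenant}/{playbook}", f"recurring drift ({count} runs)"))
    return findings

if __name__ == "__main__":
    cycle_end = datetime(2024, 5, 1, tzinfo=timezone.utc)
    for subject, finding in review(HISTORY, cycle_end):
        print(f"{subject}: {finding}")
```
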
API Reference
- GET /api/addons/trust-center/remediation — List all remediation actions with filtering
- POST /api/addons/trust-center/remediation — Create a new remediation action
- POST /api/addons/trust-center/remediation/:actionId/execute — Execute a pending remediation action
- POST /api/addons/trust-center/remediation/:actionId/rollback — Roll back to pre-change state
- GET /api/addons/trust-center/remediation/:actionId/snapshot — Retrieve pre-change snapshot
- GET /api/addons/trust-center/playbooks — List available remediation playbooks
- POST /api/addons/trust-center/remediation/bulk — Create bulk remediation across tenants
- GET /api/addons/trust-center/remediation/history — Retrieve remediation audit trail