Skip to Content
AutomationAuto RemediationRemediation Dashboard

Remediation Dashboard

Automatically detect and fix common issues across your M365 environment. The remediation dashboard provides a centralized view of all auto-remediation activity, playbook status, and key performance metrics.

Note: Auto-remediation reduces response time from hours to seconds. When threats are detected, automated playbooks execute immediately while alerting technicians.

Dashboard Metrics

MetricExample ValueDescription
Issues Remediated156Total issues automatically resolved in the last 30 days
Active Playbooks12Number of playbooks currently enabled and monitoring
Avg. Response Time45sMean time from detection to remediation action
Success Rate98%Percentage of remediation actions completed successfully

Built-in Playbooks

The dashboard shows all configured playbooks with their current status:

Compromised User Response

Status: Active

Triggers on high-risk sign-in or user risk detection.

  1. Block user sign-in immediately
  2. Revoke all active sessions
  3. Reset password and require MFA re-registration
  4. Create ticket and notify SOC team

Device Non-Compliance

Status: Active

Triggers when device becomes non-compliant in Intune.

  1. Send notification to device owner
  2. Force device sync after 4 hours
  3. If still non-compliant after 24h, block access
  4. Create ticket for IT review

Suspicious Mail Rule

Status: Active

Detects inbox rules forwarding to external addresses.

  1. Disable the suspicious rule immediately
  2. Alert security team
  3. Check for other suspicious activity
  4. Notify user and manager

MFA Not Registered

Status: Paused

Users without MFA after registration deadline.

  1. Send reminder email with instructions
  2. After 7 days, send final warning
  3. After 14 days, block sign-in until MFA registered

Stale Account Cleanup

Status: Active

Users with no sign-in for 90+ days.

  1. Notify user’s manager for confirmation
  2. If confirmed inactive, disable account
  3. After 30 days, remove licenses
  4. After 60 days, convert mailbox to shared

Approval Gates

For sensitive actions, the dashboard surfaces pending approval requests:

  • Pause playbook and send approval request
  • Approve via email, Teams, or dashboard
  • Set timeout for auto-rejection or auto-approval
  • Require multiple approvers for critical actions

Dashboard Filters

Filter the dashboard view by:

  • Time range — Last 24 hours, 7 days, 30 days, or custom
  • Playbook — View metrics for a specific playbook
  • Tenant — Filter by managed tenant
  • Status — Active, Paused, or Error playbooks

Best Practices

  • Review the dashboard daily — Catch failures and anomalies early
  • Monitor success rate trends — A declining success rate indicates playbook issues or environmental changes
  • Address paused playbooks — Investigate and resolve the cause before re-enabling
  • Set up dashboard alerts — Configure notifications when success rate drops below threshold

API Reference

  • GET /api/automation/playbooks — List all playbooks
  • POST /api/automation/playbooks — Create new playbook
  • POST /api/automation/playbooks/:id/run — Manually trigger playbook
  • GET /api/automation/executions — List execution history
  • POST /api/automation/approvals/:id — Approve or reject pending action
Last updated on
PlaybooksScheduled Tasks