NEW - This page has been redesigned to include all investigation data you need to make a decision when security incidents are raised



How to access a security event details?


  • In the Report section, click on any security event displayed in the table
  • In the Alert email, click on "View event in Office Protect" 
  • In the ConnectWise or Autotask security event ticket, click on "View event in Office Protect"



What can I find in my security event details?


In the security event details, you can find:

  • The security event details: timestamp, description
  • Details if the security event has been ignored: ignoring date, whitelist rule if the event has been automatically ignored through a rule
  • All of the security event's entities on which Office Protect has been able to retrieve more details or potential remediation actions. More details are usually included on:
    • Users: Status, MFA state, last password change, alternate contacts, assigned licenses, admin roles, last sign-in date, creation date.
    • Applications, Teams applications: Type, description, state, publisher, verification state, creation date, admin roles, and granted permissions with their descriptions.
    • Mail flow rules, inbox rules: Status, rule details, why has it been flagged as suspicious by Office Protect.
    • Anonymous links: Status, permissions, and file path.

            If details are missing, Office Protect has not been able to retrieve them, either because of the entity status or because             details are not available.

  • All remediation actions available to mitigate the risks, act quickly and avoid potential damage if there is a compromise on your organization. If no remediation is available yet, a banner is displayed.
  • How to react: our recommendations to investigate the situation and take action if needed 


See all remediation actions details