Remediate security alerts with Microsoft Defender
Microsoft Defender is designed to catch a range of suspicious activities and malicious behaviors. It includes tools to help detect and respond to security risks, but knowing how to act on security alerts is key to securing your devices.
Note: Our GoDaddy Guides can help you set up Defender and make sure your license is properly applied. However, they cannot give you in-depth guidance on using the Defender portal or interpreting specific security alerts beyond this article. See our Statement of Support.
Defender sends you 4 main types of alerts: it lets you know when malware is detected and handled, warns you about coordinated attacks, flags suspicious emails like phishing attempts and spots any unusual behavior that might signal trouble.
- Sign in to the Microsoft Defender portal. Use your Microsoft 365 email address and password (your GoDaddy username and password won’t work here).
- To see your devices at risk, on the leftmost side, select Assets, and then Devices.
Review alert details for a specific device
- To review alert details for a specific device, select the device. The device details page will open.
- To see more information about an alert or incident, under the device name, select Incidents and alerts.
Run an antivirus scan
- To run an antivirus scan that will search for and remove malicious files, on the Overview page, in the upper-right corner, select
More actions, and then Run Antivirus Scan.
- Select the scan type, and then Confirm.
Trigger automated investigation
- To run an automated investigation (an in-depth analysis that identifies the root cause and flags any related issues), on the Overview page, in the upper-right corner, select
More actions, and then Initiate Automated Investigation. You'll see a message confirming that the investigation started.
Isolate the device (if the threat is severe)
- If the threat is severe, continue with device isolation. On the Overview page, in the upper-right corner, select
More actions, and then Isolate Device. This disconnects the device from the network to restrict further infection.
- Select
More actions again, and then Restrict App Execution. This will limit the device’s ability to run potentially harmful applications.
Monitor ongoing incidents
- To monitor ongoing incidents, on the leftmost side, select Incidents & alerts, and then one of the options.
- Revisit this section to verify that all alerts are addressed.
Related steps
- Check out additional actions you can take in the Defender portal from Microsoft.
- If you need more advanced assistance or want an expert to handle remediation for you, check out GoDaddy Paid IT Services. Our IT professionals can help you respond to security threats and maintain a safe business environment.