Fix ATP Threat Explorer Incident Reporting
We would like to use ATP Threat Explorer to mitigate phishing messages coming into our environment. The incident reporting does not build confidence in the tool. As an example I recently used it to hard delete 6 messages from our environment. The incident report did not give data for two full days. When it did, it reported status "Failed". However, looking at the report details, all six messages show hard delete status "Success", with no failures. Accurate and timely reporting of incident results will build confidence in the ATP Threat Explorer tool.
One other comment - when something like a hard delete fails, we need to know why and a way to retry.
Agreed. When needing to remove emails from mailboxes, it can't take hours. If emails aren't removed within a few minutes, then the chance of a user seeing and interacting with the bad email goes way up, which makes this feature useless. It also must report back quickly - even if it's working in the background - so further response can be planned.