Step 1 – Scenario
The alert in the exhibit is named Alert2.
Current status = Resolved.
The task is to identify which statuses you can change the alert to.
Step 2 – Microsoft 365 Alert Lifecycle
In Microsoft 365 compliance and security alerts, an alert can move between multiple statuses depending on investigation and remediation. The available statuses are:
Active – The alert is new and not yet acted upon.
Investigating – The alert is under review.
Resolved – The alert has been addressed.
Dismissed – The alert is ignored or deemed not relevant.
Step 3 – Status changes from "Resolved"
If an alert is in the Resolved state, administrators can reopen or reclassify it. According to Microsoft documentation, from Resolved, you can change it to:
Active
Investigating
Dismissed
This allows flexibility in continuing investigations if needed or dismissing false positives.
Step 4 – Microsoft Reference
From Microsoft Docs: “You can change the status of an alert between Active, Investigating, Resolved, and Dismissed to reflect its current stage in the triage process.”
