It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-6)

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Managed Security Awareness Training (Managed Phishline)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Intronis Backup (ECHOplatform)

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Server Backup (Yosemite)

Campus Help Center / Reference

Onboarding Portal

Network Security

Support Services

Barracuda XDR

Overview Documentation Materials

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Managed Security Awareness Training (Managed Phishline)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Intronis Backup (ECHOplatform)

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Server Backup (Yosemite)

Campus Help Center / Reference

Onboarding Portal

Network Security

Support Services

Login Sign Up Contact & Support

United States – English (GMT-6)

Viewing records of ATR actions for Microsoft Defender for Endpoint

Last updated on 2025-09-02 12:31:52

Every action carried out by ATR is detailed in the alert body and logged in the Audit Log in the Barracuda XDR Dashboard.

For automated actions, the user is listed as xdr.automation.

For manual actions, the source user is listed.

The potential actions are:

Microsoft Defender for Endpoint Start Isolate Device
Microsoft Defender for Endpoint Start Unisolate Device
Endpoint Device Isolation Result

To view records of ATR actions

In XDR Dashboard, click ATR Settings > Endpoint.
Click View Audit History.

This takes you to the Administration > Audit Log page. Filtering is applied to show you only ATR actions.

You can also view records of ATR actions on the Administration > Audit Log page by filtering the page on the Action field by:

Microsoft Defender for Endpoint Start Isolate Device
Microsoft Defender for Endpoint Start Unisolate Device
Endpoint Device Isolation Result