What feature in the Microsoft 365 Defender portal should be utilized to designate a quarantined file as safe?

Utilizing the History tab in the Action center to revert actions is the correct approach to designate a quarantined file as safe in the Microsoft 365 Defender portal. The Action center serves as a central hub for security alerts and actions taken against threats. In cases where a file has been incorrectly flagged as malicious, security analysts can review the actions taken on that file and choose to revert those actions through the History tab. This effectively restores the file, allowing it to be accessed again without the quarantine restrictions.

The process helps mitigate false positives and allows for proper management of legitimate files that might have been mistakenly quarantined. The ability to revert actions maintains the balance between security and operational efficiency by enabling quick remediation of potential errors in threat detection.

In contrast, other options focus on aspects such as investigation processes or querying threats, which do not provide a direct method for handling quarantined files. For instance, reviewing AIR processes or threat queries does not grant the capability to unquarantine files, and modifying rules from a different section does not immediately apply to individual quarantined items. Therefore, utilizing the History tab for reverting actions is the most appropriate method for declaring a quarantined file safe.