Configure automated investigation and remediation capabilities
Implementation Effort: Medium. Customer IT and Security Operations teams need to drive projects to set up device groups and configure automation levels.
User Impact: Low. Action can be taken by administrators; users don’t have to be notified.
Overview
Automated Investigation and Remediation (AIR) capabilities in Microsoft Defender for Endpoint help security operations teams by mimicking the steps a security analyst would take to investigate and remediate threats. These capabilities can be configured to automatically remediate threats or require approval from the security team, fitting into the Zero Trust framework by ensuring continuous monitoring and response to potential security incidents.
Reference
Configure automated investigation and remediation capabilities