Configure automated investigation and remediation capabilities

Implementation Effort: Medium: Customer IT and Security Operations teams need to drive projects to set up device groups and configure automation levels.

User Impact: Low: Action can be taken by administrators, users don’t have to be notified.

Overview

Automated Investigation and Remediation (AIR) capabilities in Microsoft Defender for Endpoint help security operations teams by mimicking the steps a security analyst would take to investigate and remediate threats. These capabilities can be configured to automatically remediate threats or require approval from the security team, fitting into the Zero Trust framework by ensuring continuous monitoring and response to potential security incidents.

Reference

Configure automated investigation and remediation capabilities