deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update manage-auto-investigation.md

Browse Source
This commit is contained in:
Denise Vangel-MSFT 2020-09-15 12:09:36 -07:00
parent cf489095e0
commit 008840d52d
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
View File

@ -15,13 +15,16 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/15/2020
---
# Review and approve actions following an automated investigation
## Remediation actions
When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat and resulting verdict, remediation actions occur automatically or upon approval by your organizations security operations team. For example, some actions, such as removing malware, are taken automatically. Other actions require review and approval to proceed.
When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat, the resulting verdict, and how your organization's device groups are configured, remediation actions occur automatically or upon approval by your organizations security operations team.
For example, some actions, such as removing malware, are taken automatically. Other actions require review and approval to proceed.
When a verdict of *Malicious* is reached for a piece of evidence, Microsoft Defender Advanced Threat Protection takes one of the following remediation actions automatically:
- Quarantine a file