From 263430e8baafe380c59cc3493a2bd01d95d6267e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 28 Jan 2021 16:21:27 -0800 Subject: [PATCH] more AIR fixes --- .../auto-investigation-action-center.md | 6 ++---- .../configure-automated-investigations-remediation.md | 4 ++-- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md index 8b655515ee..2fa0e58e07 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md +++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md @@ -1,5 +1,5 @@ --- -title: Visit the Action center to view remediation actions +title: Visit the Action center to see remediation actions description: Use the action center to view details and results following an automated investigation keywords: action, center, autoir, automated, investigation, response, remediation search.product: eADQiWindows 10XVcnh @@ -21,9 +21,7 @@ ms.date: 01/28/2021 ms.technology: mde --- -# Visit the Action center to view remediation actions - -[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +# Visit the Action center to see remediation actions During and after an automated investigation, remediation actions for threat detections are identified. Depending on the particular threat and how [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) is configured for your organization, some remediation actions are taken automatically, and others require approval. If you're part of your organization's security operations team, you can view pending and completed [remediation actions](manage-auto-investigation.md#remediation-actions) in the **Action center**. diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md index 14d72f0bf5..be33439d64 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md @@ -16,7 +16,7 @@ manager: dansimp audience: ITPro ms.collection: M365-security-compliance ms.topic: article -ms.date: 09/24/2020 +ms.date: 01/27/2021 ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs --- @@ -45,7 +45,7 @@ To configure automated investigation and remediation, 2. Select **+ Add device group**. 3. Create at least one device group, as follows: - Specify a name and description for the device group. - - In the **Automation level list**, select a level, such as **Full – remediate threats automatically**. The automation level determines whether remediation actions are taken automatically, or only upon approval. To learn more, see [How threats are remediated](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations#how-threats-are-remediated). + - In the **Automation level list**, select a level, such as **Full – remediate threats automatically**. The automation level determines whether remediation actions are taken automatically, or only upon approval. To learn more, see [Automation levels in automated investigation and remediation](automation-levels.md). - In the **Members** section, use one or more conditions to identify and include devices. - On the **User access** tab, select the [Azure Active Directory groups](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-manage-groups?context=azure/active-directory/users-groups-roles/context/ugr-context) who should have access to the device group you're creating. 4. Select **Done** when you're finished setting up your device group.