Update configure-automated-investigations-remediation.md

windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md

@@ -19,4 +19,19 @@ ms.topic: conceptual
 
 # Configure automated investigation and remediation capabilities in Microsoft Defender Advanced Threat Protection
 
-If your organization is using [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/) (Microsoft Defender ATP), you have [automated investigation and remediation capabilities](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) that can save your security operations team time and effort. 
+**Applies to**
+
+- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+
+If your organization is using [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/) (Microsoft Defender ATP), [automated investigation and remediation capabilities](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) can save your security operations team time and effort. 
+
+Automated investigation and remediation capabilities mimic the ideal steps that a security analyst takes to investigate and remediate threats:
+1. Investigate alerts that were triggered, and analyze evidence.
+2. Remediate threats quickly, as appropriate.
+3. Resolve alerts as remediation actions are taken, and update investigation status.
+4. Find other impacted devices, and repeat steps 1-3 as necessary.
+
+[Learn more about automated investigation and remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/automated-investigations). 
+
+## Configure automated investigation and remediation capabilities
+