From 2ad723940f7f30e3972eaee33c12deab37c773b1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 18 May 2020 15:12:26 -0700 Subject: [PATCH] Update configure-automated-investigations-remediation.md --- ...gure-automated-investigations-remediation.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md index 9933be63af..840528dcfa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md 
@@ -19,4 +19,19 @@ ms.topic: conceptual # Configure automated investigation and remediation capabilities in Microsoft Defender Advanced Threat Protection -If your organization is using [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/) (Microsoft Defender ATP), you have [automated investigation and remediation capabilities](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) that can save your security operations team time and effort. \ No newline at end of file +**Applies to** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) + +If your organization is using [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/en-us/windows/security/threat-protection/) (Microsoft Defender ATP), [automated investigation and remediation capabilities](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) can save your security operations team time and effort. + +Automated investigation and remediation capabilities mimic the ideal steps that a security analyst takes to investigate and remediate threats: +1. Investigate alerts that were triggered, and analyze evidence. +2. Remediate threats quickly, as appropriate. +3. Resolve alerts as remediation actions are taken, and update investigation status. +4. Find other impacted devices, and repeat steps 1-3 as necessary. + +[Learn more about automated investigation and remediation](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/automated-investigations). + +## Configure automated investigation and remediation capabilities +
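Review bot: The added `## Configure automated investigation and remediation capabilities` heading at the end of the hunk has no content under it, and it repeats the H1 title almost word for word, so the page announces configuration steps and then stops. Either add the configuration steps in this change or leave the heading out until they are written. Two smaller points in the same hunk: the numbered list begins on the line directly after "...investigate and remediate threats:" with no blank line in between, which some Markdown renderers fold into the preceding paragraph, so add an empty line before `1.`. The automated-investigations link is also given twice, once in the intro paragraph and again in "Learn more", both with a hard-coded `en-us` segment; one link without the locale segment would be enough.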