From 34d447116881fbbf98e322b9324892ccb17ad38f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 2 May 2018 12:56:06 -0700 Subject: [PATCH] update auto inv os support --- ...tigations-windows-defender-advanced-threat-protection.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md index 94e1a95594..9c89602bae 100644 --- a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md @@ -36,8 +36,10 @@ The Automated investigations list shows all the investigations that have been in ## Understand the Automated investigation flow ### How the Automated investigation starts -Entities are the starting point for Automated investigations. When an alert contains a supported entity for Automated investigation (for example, a file) that resides on a machine that has a *supported operating system for Automated investigation then an Automated investigation can start. -*Currently only Windows 10 version 1803 (spring creators update) and above are supported operating systems for Autoamted Investigation +Entities are the starting point for Automated investigations. When an alert contains a supported entity for Automated investigation (for example, a file) that resides on a machine that has a supported operating system for Automated investigation then an Automated investigation can start. + +>[!NOTE] +>Currently, Automated investigation only supports Windows 10, version 1803 or later. The alerts start by analyzing the supported entities from the alert and also runs a generic machine playbook to see if there is anything else suspicious on that machine. The outcome and details from the investigation is seen in the Automated investigation view.