From 70434e129d9e768fb2b75d2f44ca9ad62fd9264f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 4 Dec 2018 13:09:47 -0800 Subject: [PATCH] add bullet to auto ir note --- ...vestigations-windows-defender-advanced-threat-protection.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md index e5750beb78..3caa3bf11d 100644 --- a/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat-protection.md @@ -11,7 +11,7 @@ ms.pagetype: security ms.author: macapara author: mjcaparas ms.localizationpriority: medium -ms.date: 09/03/2018 +ms.date: 12/04/2018 --- # Overview of Automated investigations @@ -31,6 +31,7 @@ Entities are the starting point for Automated investigations. When an alert cont >[!NOTE] >Currently, Automated investigation only supports Windows 10, version 1803 or later. +>Some investigation playbooks, like memory investigations, require Windows 10, version 1809 or later. The alerts start by analyzing the supported entities from the alert and also runs a generic machine playbook to see if there is anything else suspicious on that machine. The outcome and details from the investigation is seen in the Automated investigation view.