From 890d77d9fe6902b16f45cece944709390ef926fd Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT <deniseb@microsoft.com>
Date: Wed, 21 Oct 2020 15:59:13 -0700
Subject: [PATCH] Update automated-investigations.md

---
 .../microsoft-defender-atp/automated-investigations.md       | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
index 0b78652e93..a0d5e99a7f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
@@ -78,6 +78,11 @@ If an incriminated entity is seen in another device, the automated investigation
 
 ## How threats are remediated
 
+As alerts are triggered, and an automated investigation runs, the investigation can result in one or more remediation actions. 
+
+Depending on the [level of automation](automation-levels.md) set for your organization, remediation actions can occur automatically or only upon approval by your security operations team. 
+
+All remediation actions, whether pending or completed, can be viewed in Action Center. To learn more, see [Review and approve remediation actions following an automated investigation](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation).
 
 ## Next steps