deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update automation-levels.md

Browse Source
This commit is contained in:
Denise Vangel-MSFT 2020-10-22 08:28:05 -07:00
parent 979781a313
commit dc2a78cf52
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
windows/security/threat-protection/microsoft-defender-atp/automation-levels.md
View File

@ -25,7 +25,12 @@ ms.custom: AIR
# Automation levels in automated investigation and remediation capabilities
Automation levels determine whether remediation actions are taken automatically or only upon approval following an automated investigation. Microsoft Defender for Endpoint offers several levels of automation. This article describes the various levels of automation and includes recommendations to consider.
Microsoft Defender for Endpoint offers several levels of automation for automated investigation and remediation (AIR). Automation levels determine whether remediation actions are taken automatically or only upon approval following an automated investigation.
- Full automation (this is recommended option) means remediation actions are taken automatically.
- Semi-automation means some remediation actions are taken automatically, but other remediation actions await approval before being taken.
-
This article describes the various levels of automation and includes recommendations to consider.
> [!TIP]
> For best results, we recommend using full automation when you set your level of automation. Data collected and analyzed over the past year shows that customers who are using full automation had 40% more high-confidence malware samples removed than customers who are using lower levels of automation. Full automation can help free up your security operations resources to focus more on your strategic initiatives.