From e4a2d0e0b0d511a341436e340377b347b00e1fb8 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 28 Sep 2020 17:35:28 -0700 Subject: [PATCH] Update automated-investigations.md --- .../microsoft-defender-atp/automated-investigations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md index 31c5202907..7dded81134 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md @@ -88,7 +88,7 @@ You can configure the following levels of automation: > [!IMPORTANT] > Regarding automation levels and default settings: -> - If your tenant already has device groups defined, the automation level settings are not changed for those device groups. +> - If your tenant already has device groups defined, then the automation level settings are not changed for those device groups. > - If your tenant was onboarded to Microsoft Defender for Endpoint *before* August 16, 2020, and you have not defined a device group, your organization's default setting is **Semi - require approval for any remediation**. > - If your tenant was onboarded to Microsoft Defender for Endpoint *before* August 16, 2020, and you do have a device group defined, you also have an **Ungrouped devices (default)** device group that is set to **Semi - require approval for any remediation**. > - If your tenant was onboarded to Microsoft Defender for Endpoint *on or after* August 16, 2020, and you have not defined a device group, your orgnaization's default setting is **Full - remediate threats automatically**.