update auto-resolve content

Joey Caparas 2018-09-13 13:51:27 -07:00
parent 52129929f1
commit f79899ac22


@ -22,19 +22,20 @@ ms.date: 09/06/2018
Depending on the Microsoft security products that you use, some advanced features might be available for you to integrate Windows Defender ATP with.
Turn on the following advanced features to get better protected from potentially malicious files and gain better insight during security investigations:
Use the following advanced features to get better protected from potentially malicious files and gain better insight during security investigations:
## Automated investigation
When you enable this feature, you'll be able to take advantage of the automated investigation and remediation features of the service. For more information, see [Automated investigations](automated-investigations-windows-defender-advanced-threat-protection.md).
## Auto-resolve remediated alerts
You can configure the automated investigations capability to resolve alerts where the automated analysis result status is "No threats found" or "Remediated".
For tenants created or or after Windows 10, version 1809 the automated investigations capability is configured by default to resolve alerts where the automated analysis result status is "No threats found" or "Remediated". If you dont want to have alerts auto-resolved, youll need to manually turn off the feature.
For tenants created prior that version, you'll need to manually turn this feature on.
>[!NOTE]
> - The result of the auto-resolve action may influence the Machine risk level calculation which is based on the active alerts found on a machine.
>- If a security operations analyst manually sets the status of an alert to "In progress" or "Resolved" the auto-resolve capability will not overrite it.
If you don't want to have alerts auto-resolved, you'll need to manually turn off the feature.
## Block file
This feature is only available if your organization uses Windows Defender Antivirus as the active antimalware solution and that the cloud-based protection feature is enabled.
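
Review bot: In the "Auto-resolve remediated alerts" section, the paragraph beginning "For tenants created or or after Windows 10, version 1809" has a doubled "or" where "on or after" is meant, drops the apostrophes in "dont" and "youll", and "created prior that version" is missing "to". Its last sentence also repeats the standalone line "If you don't want to have alerts auto-resolved, you'll need to manually turn off the feature." a few lines further down, so one of the two should be removed. Because this text tells readers that alerts are resolved by default on newer tenants, and the note says the auto-resolve result may influence the Machine risk level calculation, it would help to say where the setting is turned off and to tie "created on or after" to something a tenant admin can check, since a tenant is created on a date rather than on an OS version. The "overrite" in the note can be corrected to "overwrite" in the same pass.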