From ff4677d44cb5c069758875bce24f80b2ced18c8d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 18 May 2020 16:16:47 -0700 Subject: [PATCH] Update configure-automated-investigations-remediation.md --- .../configure-automated-investigations-remediation.md | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md index 5068c50274..565959c537 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md @@ -23,15 +23,7 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -If your organization is using [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/) (Microsoft Defender ATP), [automated investigation and remediation capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) can save your security operations team time and effort. - -Automated investigation and remediation capabilities mimic the ideal steps that a security analyst takes to investigate and remediate threats: -1. Investigate alerts that were triggered, and analyze evidence. -2. Remediate threats quickly, as appropriate. -3. Resolve alerts as remediation actions are taken, and update investigation status. -4. Find other affected devices, and repeat steps 1-3 as necessary. - -[Learn more about automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations). +If your organization is using [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/) (Microsoft Defender ATP), [automated investigation and remediation capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) can save your security operations team time and effort. As outlined in [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/enhance-your-soc-with-microsoft-defender-atp-automatic/ba-p/848946), automated investigation and remediation capabilities mimic the ideal steps that a security analyst takes to investigate and remediate threats. [Learn more about automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations). To configure automated investigation and remediation, you [turn on the features](#turn-on-automated-investigation-and-remediation), and then you [set up device groups](#set-up-device-groups).