Disable Defender for Identity Automation
Hi mtcsb,
I’ll start off by saying I get the apprehension about allowing an automatic response to be taken without understanding exactly what signals are being used to make the decision. Nevertheless, I personally have not heard any horror stories with Automatic Attack Disruption nor experienced any myself. Any time it did trigger, which was seldom, it was 100% justified. Furthermore, to reverse the remediation there is an Undo button: Undo completed action
Now, as far as how you can turn off automated responses, I believe the setting is tied to all automated actions, so there are implications in doing this, such as having to approve any automated remediation actions, even for the commodity malware removal, depending on your settings. See here on how to configure these settings per device group: Automation setting for your organizations devices
And please read and understand what each automation level means and how it could affect your overall security posture and workload: Automation levels in automated investigation and remediation capabilities
Best,
Dylan