Best practice Custom Detection Rules

Brass Contributor

Hi,

I have a Defender ATP environment with several thousand clients in it and I have been asked to automate whatever I can for compliance and remediation.

Can anyone recommend some best practice custom detection rules you might use with Defender ATP to help build foundations on automation?

Regards

Mike

0 Replies