Aug 07 2021 06:15 PM - edited Aug 07 2021 06:28 PM
I know Defender in general is extra user friendly, but for Defender for Endpoint to work properly, do I need to put all devices in a machine group and set a remediation level? All the training videos I have watched tell me I have to put the devices in a device group in settings and set a remediation level. I didn't set it up and it still seems to quarantine unwanted software or malicious software. Can someone explain why the device group and remediation level are necessary?
Aug 08 2021 12:18 AM
Aug 08 2021 12:29 AM
Aug 08 2021 12:52 AM
Aug 08 2021 02:25 PM
Hey, thanks again for responding and I appreciate the help. The device group "1" in the screenshot below is the device group I made and I added most devices in there. The group below that got created after I created "1".
The screenshot below is a different environment with different devices. I did not create any device group there. I do not see a default "undefined" group though. Is it supposed to be like this and the devices are in the undefined group by default without automated response turned on?
Aug 08 2021 05:44 PM
Aug 09 2021 06:39 PM
Aug 09 2021 07:47 PM
Aug 10 2021 10:15 AM
Yeah, that makes sense and I was expecting that to happen. The screenshot below is another environment that does not have a device group set up. There is no device group or remediation level set up. Do you know why Defender might be remediating them automatically? Could it be because of a PUA policy? I didn't set that up btw.
Aug 15 2021 05:40 AM
Aug 15 2021 06:00 AM
Jan 19 2022 01:33 PM
I know this post is a bit old but thought I would add that the link below does confirm that after August 2020 all new tenants were set to Full Automation by default even without device groups with AIR levels set.
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/automation-levels?view=o36...