Forum Discussion
Microsoft Defender for Endpoint Device group question
I know Defender in general is extra user friendly but for the Defender for endpoint to work properly, do I need to put all devices in a machine group and set a remediation level? All the training vid...
I found some updated guides and step one is outlined below, step two it recommends to setup device groups.
Turn on automated investigation and remediation
1. As a global administrator or security administrator, go to the Microsoft Defender Security Center (https://securitycenter.windows.com) and sign in.
2. In the navigation pane, choose Settings.
3. In the General section, select Advanced features.
4. Turn on both Automated Investigation and Automatically resolve alerts.
Turn on automated investigation and remediation
1. As a global administrator or security administrator, go to the Microsoft Defender Security Center (https://securitycenter.windows.com) and sign in.
2. In the navigation pane, choose Settings.
3. In the General section, select Advanced features.
4. Turn on both Automated Investigation and Automatically resolve alerts.
I know this post is a bit old but thought I would add that the link below does confirm that after August 2020 all new tenants were set to Full Automation by default even without device groups with AIR levels set.
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/automation-levels?view=o365-worldwide#important-points-about-automation-levels