Security News > 2021 > January > Microsoft Enables Automatic Remediation in Defender for Endpoint
Microsoft this week announced that it has enabled automatic threat remediation in Microsoft Defender for Endpoint for users who opted into public previews.
For all alerts, Microsoft Defender for Endpoint automatically starts an investigation on the machine, inspecting files, processes, registry keys, services, and anything else that may contain threat-related evidence.
Microsoft Defender for Endpoint defines, executes and manages these actions, without requiring intervention from security operations teams, the tech company explains.
These remediation actions are either automatically approved without warning, if the device automation level is set to Full, or require manual approval, if the automation level is set to Semi.
Having remediation actions automatically applied could save time and help contain infections, Microsoft argues.
Microsoft says it has decided to upgrade the default automation level to Full due to increased malware detection accuracy, improved automated investigation infrastructure, and the option to undo any remediation.