MS Defender Enables Auto-Remediation By Default

Microsoft reportedly plans to enable fully automated threat remediation by default for MS Defender for Endpoint customers who have opted into public previews, starting next month.

The change of the default from Semi to full automation is the result of the company's own findings: Microsoft found that full automation set as the default in Defender delivers more successful results in remediating threats.

Microsoft says, “Data collected and analyzed over the past year shows that organizations who are using full automation have had 40% more high-confidence malware samples removed than customers using lower levels of automation.”

Automated Tenants Actually Remediate Threats Faster

When full automation is enabled, Defender automatically creates a remediation action to remove malicious entities as soon as it finds any suspicious activity.

All this happens without Microsoft’s security operations team having to connect remotely to the system or wait for the remediation action to be approved.

If the default remediation option is set to Semi, however, remediation requires manual approval. That slows the response to malicious activity, and in the meantime the malware can manage to infect the device or others connected to it.

Microsoft introduced this change after finding increased malware detection accuracy. It also upgraded the investigation infrastructure and added the option to undo remediation actions where required.

According to Microsoft officials, “The new default automation level can be kept (this is recommended) or changed according to your organizational needs.”

The company also added, “This change does not impact or override device group definitions that were previously set to control automation level.”

To start using MS Defender for Endpoint public preview capabilities, users need to manually turn on Preview features in the MS Defender app.

Defender has also offered users vulnerable-device tracking capabilities since October. This feature helps users track vulnerable Windows and Mac operating systems within an organization.