502528 – Microsoft Defender for Office 365: Auto-Remediation of Malicious Similarity Clusters in AIR


*A more relevant or more recent entry exists for this item: MC1191613

check before: 2025-12-01

Product:

Defender, Defender for Office 365, Microsoft 365 Defender

Platform:

Web, World tenant

Status:

Launched

Change type:

Links:

(MC1191613)

Details:

We are expanding the auto-remediation capabilities in Automated investigation and response (AIR) to fully automate the remediation of malicious similarity clusters. Earlier this year, we introduced auto-remediation for malicious URL and file clusters. Building on that foundation, this enhancement enables AIR to automatically approve all pending remediation actions it generates, eliminating the need for manual intervention and streamlining the response process for SOC teams. This advancement significantly reduces response time and operational overhead, allowing security teams to focus on higher-priority threats.

Release Phase:
General Availability

Created:
2025-09-04

updated:
2025-12-18

Direct effects for Operations**

Please look at the most relevant linked item (MC1191613) for details. In practice, the remediation actions AIR proposes for malicious similarity clusters (such as soft-deleting the clustered messages) will now be approved and executed automatically instead of waiting as pending actions in the Action center, so audit what AIR has done afterwards on the Action center's History tab.

explanation for non-techies**

Microsoft is enhancing its security tools by improving the way it handles potential threats in Office 365. Imagine your email system as a busy post office. Previously, if a suspicious package (like a malicious email or file) arrived, someone had to manually check and decide what to do with it. This could take time and required a lot of effort from the security team.

Now, with the new update, the system is like having a smart robot in the post office that can automatically identify and deal with these suspicious packages without waiting for human approval. This robot can recognize patterns or clusters of similar threats and handle them quickly, much like how a sorting machine can automatically categorize mail based on zip codes.

This change means that the security team can focus on more complex issues, as the system takes care of the routine, repetitive tasks. It's like freeing up the post office staff to handle more important deliveries while the machine takes care of the regular mail. This makes the whole process faster and more efficient, reducing the time it takes to respond to threats and allowing the team to concentrate on more critical security challenges.

** AI generated content. This information must be reviewed before use.

change history

Date        Property   old             new
2025-12-18  RM Status  In development  Launched
