Microsoft Defender for Endpoint – Automation defaults are changing

We are excited to announce that we are about to increase your automated protection by an average of 40% by setting your default automation level to Full – remediate threats automatically. This change comes after a lengthy measurement and validation period, and we’re making this change with a high level of confidence and minimum risk.

Data collected and analyzed over the past year shows that customers who are using full automation have had 40% more high-confidence malware samples removed than customers using lower levels of automation. Full automation also frees up our customers’ critical security resources so they can focus more on their strategic initiatives.

When will this happen:

We will begin rolling this out in early July and expect to complete by mid-July.

How this affects your organization:

Once this has rolled out, your tenant’s default automation level will change from Semi – require approval for any remediation to Full – remediate threats automatically. You’ll be able to review completed actions in the Action Center, and if necessary, you can undo an action that was taken. This change does not impact or override device group definitions that you are using to control your automation level.

What you need to do to prepare:

You can keep your default automation level (recommended) or change it according to your organizational needs. See adjust your device group settings.