Intune - How to Enable AIR (Automatic, Investigation and Remediation)

Question

Im trying to setup "Security Microsoft Defender for Endpoint - Best Practices" and I have coming to a part of AIR (Automatic, Investigation and Remediation)

I find that ,

• Create a Role Group in MDE Settings > Permission > Roles (select a group)
• Create a MDE machine group, set it to all machines, and assign it to Full – Remediate threats automatically
• Enable Automated Investigation in MDE Settings > Advanced Features
• Enable all of the MDE Settings > Advanced Features (or as many as you are licensed for, ex: MDI, Intune, MD4CA, etc).

But the problem is I don´t understand how I do that ...

// Sokoban

Answer 1

@Sokoban Thank you for reaching out to us, As I understand you are trying to configure automated investigation and remediation capabilities in Microsoft Defender for Endpoint.

In the above query, steps which you mentioned are needs to be performed from Microsoft 365 Defender portal (https://security.microsoft.com).

Detailed steps on how to configure it are documented here - https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-automated-investigations-remediation?view=o365-worldwide

Couple of videos also available online in how to configure the same have been explained here

https://www.youtube.com/watch?v=lu5G-VbELyg

https://www.youtube.com/watch?v=1UJoH-p3Xik

Let me know if you have any further questions, feel free to post back.

Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.