Microsoft Defender Endpoints - When creating or editing a device group I can only select 'No automated response' in the dropdown of 'Remediation Level'

Jonah Albertijn 0 Reputation points
2024-03-19T14:26:29.1866667+00:00

Basically as the title says. In the create or edit device group menu, my only option is to select 'No Automated Response' in the dropdown of Remediation Level. I've read that automated response should be active by default and you cannot turn it off.

My ungrouped devices group has 'Full - Remediate Threats Automatically' active. If I try to edit this, my only option is 'No Automated Response' as well. This ungrouped devices group was added automatically.

Is this just a visual bug? Or is Automated Response turned off for my custom device group?

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

1 answer

  1. Shweta Mathur 29,751 Reputation points Microsoft Employee
    2024-03-20T12:44:44.5666667+00:00

    Hi @Jonah Albertijn ,

    Thanks for reaching out.

    If you are using Microsoft Defender for Endpoint P1, then it will only allow you to create a device group, but will not allow you to choose any automation level.

    As mentioned at https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-automated-investigations-remediation?view=o365-worldwide, to configure different remediation levels you would require Microsoft Defender for Endpoint Plan 2.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if the answer helped you.

