underQualifried
Copper Contributor
Mar 19, 2025

Automated Investigation and Response

Upgraded to Defender for 365 P2 based on the idea of setting automated responses to certain alerts. That's how it was described. 

Now I'm trying to enable and configure it. The documentation has bounced me around 20 different articles for XDR, Defender Enterprise, Defender for Business... I do not see anywhere to configure the automation in Defender. One doc points me here for making sure it's enabled. When I open this and go down to Automation, it's simply an empty list of device groups. We don't use Device groups - we don't use Defender Endpoint.

Has anyone configured this in a non-XDR environment? What I'm encountering and what was advertised seem very different... 

2 Replies

  • micheleariis
    Steel Contributor

    Hi, yes, unfortunately much of the Automated Investigation and Response configuration in Defender 365 P2 is related to the device groups in Defender for Endpoint. If you are not using Defender for Endpoint, your options are very limited. In fact, the advertised functionality includes XDR integrations that, without the device groups, remain inaccessible.

    • underQualifried
      Copper Contributor

      Well, that's a bit of a bummer. We use a 3rd party endpoint solution, but by far our biggest threat continues to be email. Was hoping for a better way to deal with quarantine release requests, etc. Thanks for the reply.
