Automated investigation and response (AIR) in Microsoft Defender for Office 365
Implementation Effort: Medium. Customer IT and Security Operations teams need to drive projects to integrate AIR capabilities into their existing security workflows and ensure audit logging is enabled.
User Impact: Medium. A subset of non-privileged users, such as security analysts, have to take action or be notified of changes.
Overview
Automated investigation and response (AIR) in Microsoft Defender for Office 365 helps security operations teams manage a high volume of alerts by automating investigations and recommending remediation actions. This makes threat detection and response more efficient, allowing SecOps teams to focus on higher-priority tasks without losing sight of important alerts.
Reference
Automated investigation and response (AIR) in Microsoft Defender for Office 365