
Commit fd93bb2

Merge pull request #3926 from MicrosoftDocs/chrisda
Removed Preview for automated remediation
2 parents 6a253f2 + edfa4a0 commit fd93bb2


2 files changed

+1
-7
lines changed


defender-office-365/air-auto-remediation.md

Lines changed: 0 additions & 6 deletions
@@ -26,17 +26,11 @@ appliesto:
2626

2727
# Automated remediation in Automated investigation and response (AIR)
2828

29-
[!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)]
30-
31-
> [!TIP]
32-
> The features described in this article are currently in Private Preview, aren't available in all organization, and are subject to change.
33-
3429
By default, remediation actions identified by automated investigation and response (AIR) in Microsoft Defender for Office 365 Plan 2 require approval by security operations (SecOps) teams. For more information about AIR, see [Automated investigation and response (AIR) in Microsoft Defender for Office 365 Plan 2](air-about.md)
3530

3631
Now, admins can also designate certain actions to automatically remediate. Automatically remediating messages identified as malicious in AIR investigations has the following benefits:
3732

3833
- Increases customer protection by expediting remediation of more threats.
39-
4034
- Saves time for SecOps teams by reducing the need for approval.
4135

4236
The rest of this article describes how to configure automated remediation in AIR and how to identify messages that were automatically remediated.
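
Review bot: the deletions at old lines 29-30 drop the `[!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)]` line together with the Private Preview tip, but the commit message only says "Removed Preview for automated remediation"; please confirm that removing the trial banner is intended, since it is a separate include and not a preview notice. With the tip gone, the paragraph starting "Now, admins can also designate certain actions to automatically remediate" is the first statement a reader sees about skipping SecOps approval, so "Now," reads as leftover preview-era wording and could be dropped. While this block is open, the context sentence ending in `(air-about.md)` is missing its closing period, and the removed tip's "in all organization" typo goes away with the deletion, so nothing else needs fixing there.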

defender-office-365/remediate-malicious-email-delivered-office-365.md

Lines changed: 1 addition & 1 deletion
@@ -59,7 +59,7 @@ Once emails are selected through Explorer, you can start remediation by taking d
5959
- Direct approval: When actions like *move to inbox*, *move to junk*, *move to deleted items*, *soft delete*, or *hard delete* are selected by security personnel who have appropriate permissions, and the next steps in remediation are followed, the remediation process begins to execute the selected action.
6060

6161
> [!NOTE]
62-
> As the remediation gets kicked-off, it generates an alert and an investigation in parallel. Alert shows up in the alerts queue with the name "Administrative action submitted by an Administrator" suggesting that security personnel took the action of remediating an entity. It presents details like name of the person who performed the action, supporting investigation link, time, etc. It works really well to know every time a harsh action like remediation is performed on entities. All these actions can be tracked under the **Actions & Submissions** \> **Action center** \> **History tab** (public preview).
62+
> As the remediation gets kicked-off, it generates an alert and an investigation in parallel. Alert shows up in the alerts queue with the name "Administrative action submitted by an Administrator" suggesting that security personnel took the action of remediating an entity. It presents details like name of the person who performed the action, supporting investigation link, time, etc. It works really well to know every time a harsh action like remediation is performed on entities. All these actions can be tracked under the **Actions & Submissions** \> **Action center** \> **History tab**.
6363
6464
- Two-step approval: An "add to remediation" action can be taken by admins who don't have appropriate permissions or who need to wait to execute the action. In this case, the targeted emails are added to a remediation container. Approval is needed before the remediation is executed.
6565
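
Review bot: the rewritten note at new line 62 only removes "(public preview)" and carries over wording problems in a sentence that describes the audit trail for remediation actions; since the whole line is already being replaced, tighten it in the same change. Suggested fixes: "kicked-off" should be "kicked off", "Alert shows up in the alerts queue" needs an article ("The alert shows up"), and "a harsh action like remediation" would be clearer as a plain description of the action. The bold span `**History tab**` also bolds the word "tab", which is probably not part of the UI label; consider `**History** tab` so the path matches what admins see under **Actions & Submissions** > **Action center**.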
