Merge pull request #49791 from KenMAG/main

Revised unit per updated UI and updated ms.author field

Author: Stacyrch140

learn-pr/wwl-sci/configure-manage-automation-microsoft-defender-for-endpoint/1-introduction.yml

@@ -1,15 +1,15 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.introduction
-title: Introduction
-metadata:
-  title: Introduction
-  description: "Introduction"
-  ms.date: 11/28/2023
-  author: wwlpublish
-  ms.author: bneeb
-  ms.topic: unit
-azureSandbox: false
-labModal: false
-durationInMinutes: 3
-content: |
-  [!include[](includes/1-introduction.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.introduction
+title: Introduction
+metadata:
+  title: Introduction
+  description: "Introduction"
+  ms.date: 11/28/2023
+  author: wwlpublish
+  ms.author: kelawson
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 3
+content: |
+  [!include[](includes/1-introduction.md)]

learn-pr/wwl-sci/configure-manage-automation-microsoft-defender-for-endpoint/2-configure-advanced-features.yml

@@ -1,15 +1,15 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.configure-advanced-features
-title: Configure advanced features
-metadata:
-  title: Configure advanced features
-  description: "Configure advanced features"
-  ms.date: 11/28/2023
-  author: wwlpublish
-  ms.author: bneeb
-  ms.topic: unit
-azureSandbox: false
-labModal: false
-durationInMinutes: 4
-content: |
-  [!include[](includes/2-configure-advanced-features.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.configure-advanced-features
+title: Configure advanced features
+metadata:
+  title: Configure advanced features
+  description: "Configure advanced features"
+  ms.date: 11/28/2023
+  author: wwlpublish
+  ms.author: kelawson
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 4
+content: |
+  [!include[](includes/2-configure-advanced-features.md)]

learn-pr/wwl-sci/configure-manage-automation-microsoft-defender-for-endpoint/3-manage-automation-upload-folder-settings.yml

@@ -1,15 +1,15 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.upload-folder-settings
-title: Manage automation upload and folder settings
-metadata:
-  title: Manage automation upload and folder settings
-  description: "Manage automation upload and folder settings"
-  ms.date: 11/28/2023
-  author: wwlpublish
-  ms.author: bneeb
-  ms.topic: unit
-azureSandbox: false
-labModal: false
-durationInMinutes: 5
-content: |
-  [!include[](includes/3-manage-automation-upload-folder-settings.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.upload-folder-settings
+title: Manage automation upload and folder settings
+metadata:
+  title: Manage automation upload and folder settings
+  description: "Manage automation upload and folder settings"
+  ms.date: 11/28/2023
+  author: wwlpublish
+  ms.author: kelawson
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 5
+content: |
+  [!include[](includes/3-manage-automation-upload-folder-settings.md)]

learn-pr/wwl-sci/configure-manage-automation-microsoft-defender-for-endpoint/4-configure-automated-investigation-remediation-capabilities.yml

@@ -1,15 +1,15 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.configure-automated-investigation-remediation-capabilities
-title: Configure automated investigation and remediation capabilities
-metadata:
-  title: Configure automated investigation and remediation capabilities
-  description: "Configure automated investigation and remediation capabilities"
-  ms.date: 11/28/2023
-  author: wwlpublish
-  ms.author: bneeb
-  ms.topic: unit
-azureSandbox: false
-labModal: false
-durationInMinutes: 5
-content: |
-  [!include[](includes/4-configure-automated-investigation-remediation-capabilities.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.configure-automated-investigation-remediation-capabilities
+title: Configure automated investigation and remediation capabilities
+metadata:
+  title: Configure automated investigation and remediation capabilities
+  description: "Configure automated investigation and remediation capabilities"
+  ms.date: 03/31/2025
+  author: wwlpublish
+  ms.author: kelawson
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 5
+content: |
+  [!include[](includes/4-configure-automated-investigation-remediation-capabilities.md)]

learn-pr/wwl-sci/configure-manage-automation-microsoft-defender-for-endpoint/6-knowledge-check.yml

@@ -1,51 +1,51 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.knowledge-check
-title: Knowledge check
-metadata:
-  title: Knowledge check
-  description: "Knowledge check"
-  ms.date: 11/28/2023
-  author: wwlpublish
-  ms.author: bneeb
-  ms.topic: unit
-azureSandbox: false
-labModal: false
-durationInMinutes: 3
-content: |
-  [!include[](includes/6-knowledge-check.md)]
-quiz:
-  title: "Check your knowledge"
-  questions:
-  - content: "Which is a valid remediation level?"
-    choices:
-    - content: "Semi - require approval for any remediation"
-      isCorrect: true
-      explanation: "Correct.  This is a valid remediation level."
-    - content: "Semi - user accounts only"
-      isCorrect: false
-      explanation: "Incorrect.  This isn't a valid remediation level."
-    - content: "Semi - files only"
-      isCorrect: false
-      explanation: "Incorrect.  This isn't a valid remediation level."
-  - content: "A security operations analyst needs to exclude a custom executable file c:\\myapp\\myapp.exe, which exclusion type should they use?"
-    choices:
-    - content: "File"
-      isCorrect: true
-      explanation: "Correct. File will exclude this specific file from automation"
-    - content: "Extension"
-      isCorrect: false
-      explanation: "Incorrect. Extension would exclude all files with the extension."
-    - content: "Folder"
-      isCorrect: false
-      explanation: "Incorrect. Folder would exclude all files in a folder."
-  - content: "In advanced features, which setting should be turned on to block files even if a third-party antivirus is used?"
-    choices:
-    - content: "Enable EDR in block mode"
-      isCorrect: true
-      explanation: "Correct. EDR in block mode is used with third party antivirus"
-    - content: "Allow or block file"
-      isCorrect: false
-      explanation: "Incorrect. The feature requires Defender antivirus"
-    - content: "Automated Investigation"
-      isCorrect: false
-      explanation: "Incorrect. Automated investigations aren't specific to blocking files."
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.knowledge-check
+title: Knowledge check
+metadata:
+  title: Knowledge check
+  description: "Knowledge check"
+  ms.date: 11/28/2023
+  author: wwlpublish
+  ms.author: kelawson
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 3
+content: |
+  [!include[](includes/6-knowledge-check.md)]
+quiz:
+  title: "Check your knowledge"
+  questions:
+  - content: "Which is a valid remediation level?"
+    choices:
+    - content: "Semi - require approval for any remediation"
+      isCorrect: true
+      explanation: "Correct. This is a valid remediation level."
+    - content: "Semi - user accounts only"
+      isCorrect: false
+      explanation: "Incorrect. This isn't a valid remediation level."
+    - content: "Semi - files only"
+      isCorrect: false
+      explanation: "Incorrect. This isn't a valid remediation level."
+  - content: "A security operations analyst needs to exclude a custom executable file c:\\myapp\\myapp.exe, which exclusion type should they use?"
+    choices:
+    - content: "File"
+      isCorrect: true
+      explanation: "Correct. File excludes this specific file from automation"
+    - content: "Extension"
+      isCorrect: false
+      explanation: "Incorrect. Extension would exclude all files with the extension."
+    - content: "Folder"
+      isCorrect: false
+      explanation: "Incorrect. Folder would exclude all files in a folder."
+  - content: "In advanced features, which setting should be turned on to block files even if a third-party antivirus is used?"
+    choices:
+    - content: "Enable EDR in block mode"
+      isCorrect: true
+      explanation: "Correct. EDR in block mode is used with third party antivirus"
+    - content: "Allow or block file"
+      isCorrect: false
+      explanation: "Incorrect. The feature requires Defender antivirus"
+    - content: "Automated Investigation"
+      isCorrect: false
+      explanation: "Incorrect. Automated investigations aren't specific to blocking files."

learn-pr/wwl-sci/configure-manage-automation-microsoft-defender-for-endpoint/7-summary-resources.yml

@@ -1,15 +1,15 @@
-### YamlMime:ModuleUnit
-uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.summary-resources
-title: Summary and resources
-metadata:
-  title: Summary and resources
-  description: "Summary and resources"
-  ms.date: 11/28/2023
-  author: wwlpublish
-  ms.author: bneeb
-  ms.topic: unit
-azureSandbox: false
-labModal: false
-durationInMinutes: 3
-content: |
-  [!include[](includes/7-summary-resources.md)]
+### YamlMime:ModuleUnit
+uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.summary-resources
+title: Summary and resources
+metadata:
+  title: Summary and resources
+  description: "Summary and resources"
+  ms.date: 11/28/2023
+  author: wwlpublish
+  ms.author: kelawson
+  ms.topic: unit
+azureSandbox: false
+labModal: false
+durationInMinutes: 3
+content: |
+  [!include[](includes/7-summary-resources.md)]

learn-pr/wwl-sci/configure-manage-automation-microsoft-defender-for-endpoint/includes/4-configure-automated-investigation-remediation-capabilities.md

@@ -2,13 +2,18 @@ To configure automated investigation and remediation, turn on the features, and
 
 ## **Turn on automated investigation and remediation**
 
-As a global administrator or security administrator:
+As a Global Administrator or Security Administrator:
 
 1. In the navigation pane, select **Settings > Endpoints**.
 
 1. In the General section, select **Advanced features**.
 
-1. Turn on both Automated Investigation and Automatically resolve alerts.
+1. Turn on **Automatically resolve alerts**.
+
+    > [!NOTE]
+    > The **Automated Investigation** option is gone from the advanced features setting in Defender for Endpoint. Automated investigation is now enabled by default.
+
+1. Select the **Save preferences** button.
 
 ## Set up device groups
 
@@ -24,7 +29,7 @@ As a global administrator or security administrator:
 
         - In the Devices section, use one or more conditions to identify and include devices.
 
-        - On the User access tab, select the Azure Active Directory groups that should have access to the device group you're creating.
+        - On the User access tab, select the Entra ID groups that should have access to the device group you're creating.
 
 1. Select **Done** when you're finished setting up your device group.
 
@@ -74,5 +79,4 @@ Using the no automation option isn't recommended because it reduces the security
 
 ## Quickly configure remediation levels on device groups
 
-Another way to set or update remediation levels on Device groups is in the Settings, General, Auto remediation page.  The page provides a list of Device groups and the current remediation level for each.  Select the row will allow you to adjust the remediation setting.
-
+Another way to set or update remediation levels on Device groups is in the Settings, General, Auto remediation page.  The page provides a list of Device groups and the current remediation level for each.  Selecting the row allows you to adjust the remediation setting.

learn-pr/wwl-sci/configure-manage-automation-microsoft-defender-for-endpoint/index.yml

@@ -1,45 +1,45 @@
-### YamlMime:Module
-uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint
-metadata:
-  title: Configure and manage automation using Microsoft Defender for Endpoint
-  description: "Configure and manage automation using Microsoft Defender for Endpoint"
-  ms.date: 1/2/2025
-  author: wwlpublish
-  ms.author: kelawson
-  ms.topic: module
-  ms.service: azure
-title: Configure and manage automation using Microsoft Defender for Endpoint
-summary: Learn how to configure automation in Microsoft Defender for Endpoint by managing environmental settings.
-abstract: |
-  Upon completion of this module, the learner will be able to:
-  - Configure advanced features of Microsoft Defender for Endpoint
-  - Manage automation settings in Microsoft Defender for Endpoint
-prerequisites: |
-  Intermediate understanding of Windows 10.
-iconUrl: /training/achievements/configure-manage-automation-microsoft-defender-endpoint.svg
-levels:
-- intermediate
-roles:
-- security-operations-analyst
-products:
-- m365
-- m365-security-center
-- windows-11
-- windows-security
-- defender-endpoint
-- intune
-- entra-id
-subjects:
-- information-protection-governance
-- threat-protection
-- automation
-units:
-- learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.introduction
-- learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.configure-advanced-features
-- learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.upload-folder-settings
-- learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.configure-automated-investigation-remediation-capabilities
-- learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.block-at-risk-devices
-- learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.knowledge-check
-- learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.summary-resources
-badge:
-  uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.badge
+### YamlMime:Module
+uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint
+metadata:
+  title: Configure and manage automation using Microsoft Defender for Endpoint
+  description: "Configure and manage automation using Microsoft Defender for Endpoint"
+  ms.date: 03/31/2025
+  author: wwlpublish
+  ms.author: kelawson
+  ms.topic: module
+  ms.service: azure
+title: Configure and manage automation using Microsoft Defender for Endpoint
+summary: Learn how to configure automation in Microsoft Defender for Endpoint by managing environmental settings.
+abstract: |
+  Upon completion of this module, the learner will be able to:
+  - Configure advanced features of Microsoft Defender for Endpoint
+  - Manage automation settings in Microsoft Defender for Endpoint
+prerequisites: |
+  Intermediate understanding of Windows 10.
+iconUrl: /training/achievements/configure-manage-automation-microsoft-defender-endpoint.svg
+levels:
+- intermediate
+roles:
+- security-operations-analyst
+products:
+- m365
+- m365-security-center
+- windows-11
+- windows-security
+- defender-endpoint
+- intune
+- entra-id
+subjects:
+- information-protection-governance
+- threat-protection
+- automation
+units:
+- learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.introduction
+- learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.configure-advanced-features
+- learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.upload-folder-settings
+- learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.configure-automated-investigation-remediation-capabilities
+- learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.block-at-risk-devices
+- learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.knowledge-check
+- learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.summary-resources
+badge:
+  uid: learn.wwl.configure-manage-automation-microsoft-defender-for-endpoint.badge