🔥 3-day streak
Microsoft Security Operations Analyst7 / 190
Question 7 of 190

Your organization uses Microsoft Defender for Endpoint. The SOC team wants critical production servers in a device group named 'Prod-Servers' to have Defender automatically investigate alerts and remediate malicious artifacts without requiring an analyst to approve each action. However, for a device group named 'Executive-Laptops', the team wants Defender to investigate automatically but hold all remediation actions until an analyst manually approves them. What should you configure to meet both requirements?

Reviewed for accuracy · Report an issueNext question