How to configure automation and remediation using Azure Defender

Azure Defender, now part of Microsoft Defender for Cloud, is the cloud workload protection side of Microsoft's cloud security posture management (CSPM) offering: it raises security alerts and hardening recommendations for Azure, AWS, GCP and on-premises workloads. Its alerts can be wired to automated responses so that a detection is remediated without a human in the loop. The automated investigation and remediation (AIR) settings described below live in the Microsoft 365 Defender portal, where Microsoft Defender for Endpoint is configured and where a security operations analyst reviews or approves the remediation actions AIR proposes.
How to turn on automated investigation and remediation
These steps enable automated investigation for your tenant.
Sign in to the Microsoft 365 Defender portal as a Security Administrator or Global Administrator.

In the navigation pane, select Settings.

Select Endpoints, then under the General section select Advanced features.

Turn on Automated Investigation. From then on, alerts that AIR supports start an investigation automatically. Whether the remediation actions an investigation proposes run on their own or wait for approval is not decided here but by the automation level of the device group each device belongs to, which is configured next.

Setting up device groups
These steps create a device group and set its automation level.
Go to Settings in the Microsoft 365 Defender portal, select Endpoints, then under Permissions select Device groups.

Select + Add device group.

Follow these steps to create a device group:
Give the group a name and a description.

Pick a level from the Automation level list. This decides what happens to the remediation actions AIR proposes for devices in the group: no automated response, one of the semi-automated levels (actions wait in the Action center until someone approves them, either for every remediation or only for files in core or non-temporary folders), or full automation (threats are remediated automatically). Start new groups at a semi-automated level until you have reviewed what AIR proposes for them.

In the Members section, add at least one matching condition (device name, domain, tag or OS) so that devices are assigned to the group. A device belongs to only one group, groups are evaluated in rank order, and devices that match no group fall into the built-in default group, so check that group's automation level too.

On the User access tab, select the Azure Active Directory groups whose members should be able to see devices in this group and approve its pending actions; users only see alerts and pending remediations for device groups they have been granted access to.
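Once the toggle is on and the groups exist, two things are worth checking regularly: that onboarded devices actually resolve to the groups you created rather than the default group, and that semi-automated groups are not leaving investigations stuck waiting for approval. The script below is an added example, not code from the article or from Microsoft. It uses two documented Defender for Endpoint API calls, the advanced hunting endpoint (the DeviceInfo table's MachineGroup column holds the resolved device group) and the investigations list (whose state field reads PendingApproval while an action awaits approval), and runs offline on a constructed sample. The app registration, its permissions, the group names, the device names and the group name "UnassignedGroup" used to stand in for the default group are assumptions.

```python
"""Post-configuration checks for Defender for Endpoint automated investigation
and remediation (AIR): are devices landing in the device groups you created,
and are semi-automated groups leaving investigations in PendingApproval?

Added example, not code from the original article. Assumptions are marked.
"""
import json
import urllib.parse
import urllib.request
from collections import Counter

API_BASE = "https://api.securitycenter.microsoft.com"

# Advanced hunting query: newest DeviceInfo row per device, with the device
# group the membership rules resolved it to.
GROUP_QUERY = """
DeviceInfo
| where Timestamp > ago(7d)
| summarize arg_max(Timestamp, *) by DeviceId
| project DeviceId, DeviceName, OSPlatform, MachineGroup
"""


def get_token(tenant_id, client_id, client_secret):
    """Client-credentials token for the Defender for Endpoint API.

    Assumes an app registration that has been granted (with admin consent)
    the WindowsDefenderATP application permissions the advanced hunting and
    investigations APIs require.
    """
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": API_BASE + "/.default",
    }).encode()
    req = urllib.request.Request(
        "https://login.microsoftonline.com/%s/oauth2/v2.0/token" % tenant_id, data=form)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def _call(token, method, path, body=None):
    """Authenticated JSON call against the Defender for Endpoint API."""
    req = urllib.request.Request(
        API_BASE + path, method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def run_hunting_query(token, query):
    """POST /api/advancedqueries/run; result rows come back under 'Results'."""
    return _call(token, "POST", "/api/advancedqueries/run", {"Query": query})["Results"]


def list_investigations(token):
    """GET /api/investigations; AIR investigations with their current state."""
    return _call(token, "GET", "/api/investigations")["value"]


def group_membership(rows, expected_groups):
    """Count devices per device group and list the devices whose group is not
    one you created: those matched no membership rule and fell into the
    default group, whose automation level may not be the one you intended."""
    counts = Counter(r["MachineGroup"] for r in rows)
    strays = sorted(r["DeviceName"] for r in rows
                    if r["MachineGroup"] not in expected_groups)
    return counts, strays


def pending_approvals(investigations):
    """IDs of investigations waiting in the Action center for a person to
    approve remediation (what semi-automated device groups produce)."""
    return sorted(i["id"] for i in investigations if i.get("state") == "PendingApproval")


# Constructed sample data shaped like the two API responses (assumed values;
# "UnassignedGroup" stands in for whatever name the default group carries).
SAMPLE_ROWS = [
    {"DeviceId": "d1", "DeviceName": "fin-ws-01", "OSPlatform": "Windows11",
     "MachineGroup": "Finance workstations"},
    {"DeviceId": "d2", "DeviceName": "fin-ws-02", "OSPlatform": "Windows11",
     "MachineGroup": "Finance workstations"},
    {"DeviceId": "d3", "DeviceName": "sql-prod-01", "OSPlatform": "WindowsServer2022",
     "MachineGroup": "Tier-0 servers"},
    {"DeviceId": "d4", "DeviceName": "contractor-lt-07", "OSPlatform": "Windows10",
     "MachineGroup": "UnassignedGroup"},
]
SAMPLE_INVESTIGATIONS = [
    {"id": 1001, "state": "SuccessfullyRemediated", "machineId": "d1"},
    {"id": 1002, "state": "PendingApproval", "machineId": "d3"},
    {"id": 1003, "state": "Running", "machineId": "d2"},
]

if __name__ == "__main__":
    # Offline run on the sample. Against a real tenant replace the sample with
    #   token = get_token(tenant_id, client_id, client_secret)
    #   rows = run_hunting_query(token, GROUP_QUERY)
    #   investigations = list_investigations(token)
    counts, strays = group_membership(SAMPLE_ROWS, {"Finance workstations", "Tier-0 servers"})
    print("Devices per group:", dict(counts))
    print("Devices outside the groups you created:", strays)
    print("Investigations awaiting approval:", pending_approvals(SAMPLE_INVESTIGATIONS))
```

A device listed by group_membership as a stray is one your Members conditions did not catch; fix the condition or the group ranking rather than moving the device by hand, because the next onboarded device with the same attributes will land in the same place. A growing list from pending_approvals usually means a semi-automated group has no one watching the Action center for it.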

You can deepen your knowledge of Azure Defender, and strengthen your career, by taking the SC-200: Microsoft Security Operations Analyst certification exam.
About the SC-200T00 Microsoft Security Operations Analyst certification
The SC-200T00 Microsoft Security Operations Analyst course teaches how Microsoft Sentinel (formerly Azure Sentinel) and Azure Defender are used to investigate, respond to, hunt for and reduce cyber threats. You will learn how to use Microsoft Sentinel and Kusto Query Language (KQL) to automate remediation.
You must score at least 700 on SC-200 to earn the Microsoft Security Operations Analyst certification. The exam costs US $165; the certification is valid for one year and can be renewed online free of charge.
There are no prerequisites. The certification is aimed at:
Cloud Administrator

IT Professional

IT Security Professional

Microsoft Security Administrators

Network administrators

How do the certification domains help your team implement automated remediation with Azure Defender?
The Microsoft Security Operations Analyst certification covers three main domains: Microsoft 365 Defender, Azure Defender, and Azure Sentinel.
Domain 1: Mitigate threats using Microsoft 365 Defender
This domain teaches you how to spot productivity, identity and endpoint threats, and how to investigate, respond to and remediate threats to Microsoft Teams, SharePoint, OneDrive and email. It also covers cross-domain investigations, handling data loss prevention policy alerts, and assessing insider risk policies and sensitivity labels.
It covers custom detections and alerts, as well as setting up device attack surface reduction rules. You will learn how to use Microsoft's Threat & Vulnerability Management solution, manage automated investigation and remediation, respond to incidents and alerts, and assess and recommend endpoint configurations that reduce or remediate vulnerabilities.
Sign-in risk policies, Conditional Access events, Azure Active Directory Domain Services and Secure Score are also covered, and you will learn how to work with alerts from Azure AD Identity Protection.
Domain 2: Mitigate threats using Azure Defender
This domain covers Azure Defender management, investigation, automation, and the design and configuration of remediation. You will learn how to configure Azure Defender workspaces, roles and data retention policies, and how to assess and recommend cloud workload protection.
You will learn how to identify Azure Defender data sources, set up automated onboarding for Azure resources, onboard non-Azure machines, connect AWS and GCP cloud resources, and configure data collection. The course also teaches you how to validate alert configuration, set up email notifications, and manage alert suppression rules.
You will learn how to use an Azure Resource Manager template to deploy an automatic response, build a playbook for Azure Defender, and use Azure Defender recommendations to remediate issues. You will also learn how to configure automated responses in Azure Security Center, manage Azure Security Center, respond to Key Vault alerts, and assess threat intelligence.