Microsoft Defender for Office 365: Auto-Remediation of Malicious Similarity Clusters in AIR

We are expanding the auto-remediation capabilities in Automated Investigations and Response (AIR) to fully automate the remediation of malicious similarity clusters. Earlier this year, we introduced auto-remediation for malicious URL and file clusters. Building on that foundation, this enhancement enables AIR to automatically approve all pending remediation actions it generates—eliminating the need for manual intervention and streamlining the response process for SOC teams. This advancement significantly reduces response time and operational overhead, allowing security teams to focus on higher-priority threats.

Product: Microsoft Defender for Office 365
Release phase: General Availability
Release date: December CY2025
Platform: Web
Cloud Instance: Worldwide (Standard Multi-Tenant)
Created: 2025-09-03
Roadmap ID: 502528
Roadmap Link: https://www.microsoft.com/microsoft-365/roadmap?id=502528




I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.
