Added Automation In Microsoft 365 Defender

Microsoft introduced a way for 365 Defender to automatically disrupt ransomware attacks through the collection and correlation of signals from endpoints, identities, emails, documents and cloud applications.

The new automation is meant to contain affected endpoints, user identities and other assets to stop ransomware from spreading laterally, reducing attack cost and improving recovery resiliency, according to Microsoft.

Security operations teams are still needed for investigating, remediating and bringing assets back online once healthy, according to Microsoft.