Microsoft 365 Administrator — Question 211

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

From Automatic remediation in the Microsoft Defender portal, you set Automation level to Semi – require approval for non-temp folders for the endpoints.

You need to identify the impact of the Automation level setting on the endpoints.

Which two actions will occur based on the remediation settings? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Answer options

• A. Devices will be remediated only after end-user approval.
• B. Devices will be remediated automatically if a threat is detected in the \program files (X86)\* folder
• C. Devices will be remediated automatically if a threat is detected in the \windows\ folder.
• D. Devices will be remediated automatically if a threat is detected in the \users\*\downloads\* folder.

Correct answer: B, D

Explanation

The correct answers are B and D because the Semi automation level allows for automatic remediation in specific folders, such as \\program files (X86)\* and \\users\*\downloads\*. However, devices will not be automatically remediated in the \\windows\ folder (C) or require end-user approval (A) in this configuration.