Microsoft Defender for Office 365: Auto-Remediation of Malicious Similarity Clusters in AIR

Microsoft 365 Roadmap ID: 502528

Status Launched

Products Microsoft 365 Defender Microsoft Defender for Office 365

Cloud Instances Worldwide (Standard Multi-Tenant)

Release Phase General Availability

Platforms Web

Expected Release December 2025

Description

We are expanding the auto-remediation capabilities in Automated Investigations and Response (AIR) to fully automate the remediation of malicious similarity clusters. Earlier this year, we introduced auto-remediation for malicious URL and file clusters. Building on that foundation, this enhancement enables AIR to automatically approve all pending remediation actions it generates—eliminating the need for manual intervention and streamlining the response process for SOC teams. This advancement significantly reduces response time and operational overhead, allowing security teams to focus on higher-priority threats.

Change History

Published: September 3, 2025

Last Updated: December 16, 2025

December 16, 2025 at 4:01 AM Updated

Status

In development

New

Launched

Modified Date

2025-09-03T23:00:02.000Z

New

2025-12-16T00:15:28.000Z

Never Miss a Microsoft 365 Update

Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.

View Full Details Sign Up Free