Microsoft Defender will flag AIR fixes as automated actions approved by SecOps

The new change will be introduced in September 2024.



Microsoft Defender for Office 365 provides insights into fixes made by AIR (automated investigation and response) and by the SecOps teams, but many customers find it hard to tell the fixes implemented by one party from those implemented by the other.

Well, not anymore. According to the latest entry in the Microsoft 365 Roadmap, the Redmond-based tech giant is planning to make a set of changes to the infrastructure of Microsoft Defender’s fixes.

Starting in September 2024, fixes that happen in the platform because of an AIR action approval will be recorded as automated actions approved by SecOps, allowing for a better understanding of the situation.

Currently, Microsoft Defender labels all fixes made by AIR and approved by SecOps as manual fixes in the system. The change will let customers distinguish fixes made by AIR from those made by the SecOps teams on their own.

Here’s what the entry says:

The AIR attribution update will empower customers with enhanced insights by deciphering between remediations produced by AIR versus truly manual remediations initiated independently by SecOps teams. Presently, all actions produced by AIR and approved by SecOps are logged as manual remediations throughout the portal. With this update, messages that are remediated as a result of approval of an AIR action will be logged as SecOps approved automated actions.


The change will be implemented in Microsoft Defender for Office 365, and it’s going to impact all the web versions of the platform.

Aside from the AIR attribution update, the Redmond-based tech giant is currently updating Microsoft Defender for Office 365’s submission results to improve the experience for managers and IT admins who submit suspected spam, phishing, URLs, legitimate email getting blocked, and email attachments to Microsoft.

This improvement should also enhance IT admins’ experience and efficiency in managing security tasks, resulting in fewer threats or situations where Microsoft accounts are compromised.
