Applies to:


To use this capability, enable your Microsoft Intune connections. Navigate to Settings > General > Advanced features. Scroll down and look for Microsoft Intune connection. By default, the toggle is turned off. Turn your Microsoft Intune connection toggle on.

After your organization's cybersecurity weaknesses are identified and mapped to actionable security recommendations, you can start creating security tasks through the integration with Microsoft Intune where remediation tickets are created.

You can lower down your organization's exposure from vulnerabilities and increase your security configuration by remediating the security recommendations.

You'll see your remediation options when you select one of the security recommendation blocks from your Top security recommendations widget in the dashboard.

  1. From the flyout panel, you'll see the security recommendation details including your next steps. Click Remediation options.
  2. In the Remediation options page, select Open a ticket in Intune (for AAD joined devices).


If your request involves remediating more than 10,000 machines, we will only send 10,000 machines for remediation to Intune.

  1. Select a remediation due date.
  2. Add notes to give your IT administrator a context of your remediation request. For example, you can indicate urgency of the remediation request to avoid potential exposure to a recent exploit activity, or if the request is a part of compliance.

If you want to check how the ticket shows up in Intune, see Use Intune to remediate vulnerabilities identified by Microsoft Defender ATP for details.

How it works

When you submit a remediation request from Threat & Vulnerability Management, it kicks-off a remediation activity.

It creates a security task which will be tracked in Threat & Vulnerability Management Remediation page, and it also creates a remediation ticket in Microsoft Intune.

You also have the option to export all remediation activity data to CSV for records, reporting purposes, or if you want to notify your IT administration counterpart that a remediation ticket has been submitted.

The dashboard will show that status of your top remediation activities. Click any of the entries and it will take you to the Remediation page. You can mark the remediation activity as completed after the IT administration team remediates the task.

However, if the security recommendation stemmed from a false positive report, or if there are existing business justification that blocks the remediation, such as compensating control, productivity needs, compliance, or if there's already a planned remediation grace period, you can file an exception and indicate the reason. The exceptions you've filed will also show up in the Remediation page, in the Exceptions tab.