Remediation: introduction

  • Last update on January 22nd, 2024

What is remediation?

Picture 1

Remediation is a process of correcting or resolving issues, known as “matched items”, detected by a policy.

It can be done manually or automatically through a remediation workflow, which is a series of actions programmed to be executed one by one (see Picture 2). 

The goal of remediation is to improve the security posture of an organization by resolving vulnerabilities and threats. 


As mentioned before, remediation is workflow-based. This means that each policy has an associated workflow to help moderate and manage issues.

Workflows are executed step-by-step and consist of actions, including both management actions and custom actions. 

In this example, the workflow consists of two steps:

  • The first step is an attestation.
  • The second step involves the archiving of the Microsoft Teams group.
Picture 2

Remediation in Out-of-the-Box and Custom playbooks

Please keep in mind that Out-of-the-Box playbooks have pre-configured remediation for each policy, and only certain settings can be customized. From a technical perspective, this means that workflows associated with policies are pre-defined. 

In contrast, Custom playbooks enable you to design and implement your remediation process from scratch using workflows. This means that you can create custom workflows with management and custom actions tailored to your organization's needs.

Discover which settings you can configure for Out-of-the-Box policies.

Key points about remediation

  • Remediation can be triggered manually (by running the policy when necessary) or automatically (by scheduling the routine).
  • Remediation is workflow-based and can involve alerts and actions.
  • Attestations are a particular kind of action that allows other stakeholders (such as managers) to participate in addressing the issue.