Auto Remediation Has Arrived: Automatically Block Suspicious Sign-Ins in Microsoft 365

If you’ve ever discovered a suspicious 2 AM sign-in after the fact and thought, “Why didn’t we catch this sooner?” this update is for you.

Introducing Auto Remediation, a powerful new feature in the Augmentt platform that enables MSPs to automatically block high-risk sign-ins and user actions in Microsoft 365. It works based on predefined conditions and during specific hours, such as overnight or weekends.

No more late-night logins. No more missed alerts. Just proactive, automated security.

What Is Auto Remediation?

Auto Remediation is a newly released capability in Augmentt that automatically takes action on the technician’s behalf, such as blocking sign-ins or logging users out, when specific suspicious events are detected in Microsoft 365 environments.

This feature allows you to define:

  • Which alerts should trigger automatic responses
  • What actions should be taken
  • When these responses should occur (for example, after business hours)
  • Which tenants the rules apply to

It provides a set-it-and-forget-it layer of protection that ensures your clients stay secure even when your team is offline.

How It Works

1. Enable Auto Remediation with One Click

Once the feature is enabled, Augmentt begins watching for selected suspicious activity. No scripting is required, and there are no complex policies. Simply toggle it on and choose your preferences.

2. Choose Which Alerts Trigger Remediation

You can select from a list of high-risk events that often indicate compromised credentials or malicious intent:

  • Successful sign-in without MFA from outside the operating country
  • Successful sign-in outside of the operating country
  • Activity from a Tor IP address
  • Impossible travel activity (such as logins from two distant countries minutes apart)
  • User registered additional security info outside of safe country
  • Admin registered additional security info outside of safe country

You decide which of these alerts are worth acting on instantly.

3. Define Automatic Actions

When one of your chosen alerts is triggered, Augmentt can:

  • Block the sign-in immediately, cutting off access before damage is done
  • Sign out of all apps (optional), ending any active sessions across the Microsoft 365 ecosystem

This allows you to contain threats without waiting for manual review.

4. Set the Schedule

One of the most useful aspects of Auto Remediation is its timing. You can configure it to take action only during non-working hours, when your team isn’t actively monitoring.

For example:

  • Start time: 5:00 PM
  • End time: 8:00 AM the next day
  • Days: Monday through Thursday

This means any risky activity during off-hours is automatically addressed, while your team can handle alerts manually during business hours if preferred.

5. Support for Multi-Tenant Flexibility

Naturally, Augmentt’s Auto Remediation supports tenant-level flexibility.

You can create different auto-remediation policies per tenant, adjusting:

  • Alert sensitivity
  • Response actions
  • Active time ranges

This is especially useful if some clients operate internationally, have 24/7 teams, or require stricter controls due to compliance mandates.

Why Auto Remediation of M365 Alerts Matter

MSPs are under increasing pressure to provide security coverage at all hours. However, that’s not always feasible with small teams or limited resources. Auto Remediation helps you:

  • Stop threats the moment they happen
  •  Protect clients outside business hours
  •  Reduce technician fatigue and after-hours work
  •  Standardize and scale security practices across all tenants

It offers another step toward making Microsoft 365 security truly hands-off without compromising effectiveness.

Getting Started

To configure Auto Remediation in Augmentt:

  1. Go to the Events Setup section
  2. Toggle on Auto Remediate
  3. Select your preferred alerts
  4. Choose the actions you want Augmentt to take
  5. Define your schedule
  6. Apply tenant-specific overrides if needed

Once active, Augmentt monitors your environments and responds automatically during the times you specify.

This is just the beginning of what we’re building around automation and intelligent threat response. Auto Remediation gives MSPs the tools to deliver smarter security services, reduce manual workloads, and offer 24/7 protection with minimal overhead.

Stay tuned for more security automation features coming soon.

Want to see Auto Remediation in action? Book a demo today and let us show you how easy it is to level up your Microsoft 365 defense.

Levi Rose

Read More
SUBSCRIBE for more resources
Related Content
Augmentt SLA: Service Level Agreement

Agent-based SaaS Discovery

    When it comes to Augmentt Discover, we believe in flexibility and power. Augmentt Discover can collect SaaS usage data using both an Agent and Agentless model. Here is a quick…
    Read
    Augmentt Product Evaluation Guide

    Product Evaluation Guide

      Thank you for starting your Augmentt Product Evaluation and Trial   Here are a few resources that will help you through this technical process. Support Technical Support is available to…
      Read
      Augmentt is a centralized SaaS security platform built for MSPs to deliver scalable managed security services for Microsoft and cloud apps. Our multi-tenant platform gives you visibility across all your end-users to easily audit, protect and detect security threats for a holistic approach to cyber security.
      Solutions
      Company
      Contact
      Augmentt
      Powered by  GDPR Cookie Compliance
      Privacy Overview

      This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.