If you read the Microsoft documentation:
Automation levels in automated investigation and remediation capabilities
you find that there are 5 different levels of remediation automation you can set:
– No automated response
– Semi – require approval for all folders
– Semi – require approval for non-temp folders
– Semi – require approval for core folders
– Full – remediate threats automatically
which are all detailed here:
Full automation is recommended and is selected by default for tenants that were created on or after August 16, 2020 with Microsoft Defender for Endpoint, with no device groups defined yet.
Thus, Automation levels rely on Device Groups in Defender for Endpoint.
You see this when you create a Device Group as shown above.
With Defender for Endpoint P2 you find Device Groups via https://security.microsoft.com | Settings | Endpoints | Device groups as shown above.
However, with Defender for Business (above), you’ll see that there are no options currently for Device Groups. This basically means that the all remediation will be performed automatically.
I don’t that it is really a problem, but is another difference between Defender for Endpoint P2 and Defender for Business. I have not tested Defender for Endpoint P1 but I assume that it have the same lack of Device Groups as Defender for Business has, but I would to check to be 100% sure.