Which THREE are valid ways to automatically respond to a security incident in Microsoft Defender XDR?
AIR automatically responds to incidents.
Why this answer
Options A, B, and D are correct. Automated investigation and response (AIR) is a core feature, custom detection rules can trigger actions, and attack simulation training can be automated. Option C is wrong because manual playbooks are not automatic.
Option E is wrong because threat intelligence integration does not automatically respond.