I think that is depending on the time it takes to re-image a machine and how long the user will be without a machine.
If the user gets a replacement machine, re-imaging can be started faster than when this affects the time the user cannot work.
Depends on the status of the detections & the severity of the threat; if the threat was cleaned successfully, I will just keep an eye on the machine for a few days to ensure there are no further dectections. Usually I'll kick off full scans remotely on machines that have detections to be on the safe side.
If a machine continues to report detections and additional hands-on mitigation doesn't eliminate the issues, the machine is reimaged.