Search

MC241580 – Hunting for Impersonated domains and users (archived)

Microsoft Exchange Logo

check before: 2021-03-11

Product:

Advanced Threat Protection - Office 365, Defender, Defender ATP, Defender for Office 365, Exchange, Microsoft Defender for Office 365

Platform:

Online, Web, World tenant

Status:

Launched

Change type:

Admin impact, Feature update

Links:

70613

Details:

Threat Explorer (P2) and Real-time detections (P1) are powerful near real-time tools to help Security Operations teams investigate and respond to threats. Today we provide existing pivots for Detection Technology with User impersonation or Domain impersonation which show all Phish emails caught by our impersonation detection. We are adding new pivots called Impersonated user and Impersonated domain within Threat Explorer to enable Security Operations teams to explicitly hunt for specific protected users or domains within their organization that are targets of impersonation attacks. This additional information related to Impersonated domain(s) and Impersonated user(s) will also be shown in existing Impersonation insight pages and our new Email Entity page.
This message is associated with Microsoft 365 Roadmap ID "https://www.microsoft.com/microsoft-365/roadmap?rtc=1%26filters=searchterms=70613" 70613

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:
General Availability

Created:
2021-03-12

updated:
2021-04-02

the free basic plan is required to see all details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.


Last updated 11 months ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!