Search

MC333945 – (Updated) Updates to Threat Explorer and Email entity page (archived)

cloudscout.one Icon

check before: 2022-03-04

Product:

Defender, Microsoft 365 Defender

Platform:

World tenant, Web, Online

Status:

Change type:

Admin impact, Feature update, Updated message

Links:

Details:

Updated June 2, 2022: We have updated the rollout timeline below. Thank you for your patience.
As part of Hunting improvements, we are making updates to the Email entity page, and Threat Explorer and Real-Time Detections. These updates should help provide additional data points and context for security analysts. These updates include:
Updates to Email entity Page will include:
A section around Threat Detection Details which will contain information around Threat, the corresponding detection technology and if the detection ran into any additional context.
We will also light up additional email attributes like To, CC, Distribution list, Client information and forwarding (indicating if email forwarding was involved)
Override information would include the Primary override and Source (Primary override is the override which impacted the delivery of the email) as well as any additional overrides that were applicable to the email.
If a URL or a File was allowed due to a tenant policy like Tenant Allow/Block list, then that information would be shown in the entity views as well.
Updates to Threat Explorer will include:
Threat Explorer filters around System Override and System Override source would be renamed to Primary Override and Primary Override source to indicate the specific overrides which impacted the delivery of the email. This will help the analyst to locate malicious emails delivered due to potential config gaps, as well as identifying any tenant or user level configurations which have impacted the delivery of an email.
In addition to the name updates for the above 2 filters, we will also be lighting up new filters to cover scenarios like if an email contained forwarding or not.
[When this will happen:]
We expect these updates to begin rolling out in early March and expect the rollout to be completed by late June (previously late May).

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:

Created:
2022-02-18

updated:
2022-06-03

the free basic plan is required to see all details. Sign up here

A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.

Login
Get a Plan

changes*

DatePropertyoldnew
2022-06-03MC Last Updated04/30/2022 06:17:262022-06-02T23:47:07Z
2022-06-03MC MessagesUpdated April 29, 2022: We have updated the rollout timeline below. Thank you for your patience.
As part of Hunting improvements, we are making updates to the Email entity page, and Threat Explorer and Real-Time Detections. These updates should help provide additional data points and context for security analysts. These updates include:
Updates to Email entity Page will include:
A section around Threat Detection Details which will contain information around Threat, the corresponding detection technology and if the detection ran into any additional context.
We will also light up additional email attributes like To, CC, Distribution list, Client information and forwarding (indicating if email forwarding was involved)
Override information would include the Primary override and Source (Primary override is the override which impacted the delivery of the email) as well as any additional overrides that were applicable to the email.
If a URL or a File was allowed due to a tenant policy like Tenant Allow/Block list, then that information would be shown in the entity views as well.
Updates to Threat Explorer will include:
Threat Explorer filters around System Override and System Override source would be renamed to Primary Override and Primary Override source to indicate the specific overrides which impacted the delivery of the email. This will help the analyst to locate malicious emails delivered due to potential config gaps, as well as identifying any tenant or user level configurations which have impacted the delivery of an email.
In addition to the name updates for the above 2 filters, we will also be lighting up new filters to cover scenarios like if an email contained forwarding or not.
[When this will happen:]
We expect these updates to begin rolling out in early March and expect the rollout to be completed by late May (previously late April).		Updated June 2, 2022: We have updated the rollout timeline below. Thank you for your patience.
As part of Hunting improvements, we are making updates to the Email entity page, and Threat Explorer and Real-Time Detections. These updates should help provide additional data points and context for security analysts. These updates include:
Updates to Email entity Page will include:
A section around Threat Detection Details which will contain information around Threat, the corresponding detection technology and if the detection ran into any additional context.
We will also light up additional email attributes like To, CC, Distribution list, Client information and forwarding (indicating if email forwarding was involved)
Override information would include the Primary override and Source (Primary override is the override which impacted the delivery of the email) as well as any additional overrides that were applicable to the email.
If a URL or a File was allowed due to a tenant policy like Tenant Allow/Block list, then that information would be shown in the entity views as well.
Updates to Threat Explorer will include:
Threat Explorer filters around System Override and System Override source would be renamed to Primary Override and Primary Override source to indicate the specific overrides which impacted the delivery of the email. This will help the analyst to locate malicious emails delivered due to potential config gaps, as well as identifying any tenant or user level configurations which have impacted the delivery of an email.
In addition to the name updates for the above 2 filters, we will also be lighting up new filters to cover scenarios like if an email contained forwarding or not.
[When this will happen:]
We expect these updates to begin rolling out in early March and expect the rollout to be completed by late June (previously late May).
2022-06-03MC End Time06/30/2022 09:00:002022-08-01T09:00:00Z
2022-04-30MC MessagesAs part of Hunting improvements, we are making updates to the Email entity page, and Threat Explorer and Real-Time Detections. These updates should help provide additional data points and context for security analysts. These updates include:
Updates to Email entity Page will include:
A section around Threat Detection Details which will contain information around Threat, the corresponding detection technology and if the detection ran into any additional context.
We will also light up additional email attributes like To, CC, Distribution list, Client information and forwarding (indicating if email forwarding was involved)
Override information would include the Primary override and Source (Primary override is the override which impacted the delivery of the email) as well as any additional overrides that were applicable to the email.
If a URL or a File was allowed due to a tenant policy like Tenant Allow/Block list, then that information would be shown in the entity views as well.
Updates to Threat Explorer will include:
Threat Explorer filters around System Override and System Override source would be renamed to Primary Override and Primary Override source to indicate the specific overrides which impacted the delivery of the email. This will help the analyst to locate malicious emails delivered due to potential config gaps, as well as identifying any tenant or user level configurations which have impacted the delivery of an email.
In addition to the name updates for the above 2 filters, we will also be lighting up new filters to cover scenarios like if an email contained forwarding or not.
[When this will happen:]
We expect these updates to begin rolling out in early March and expect the rollout to be completed by late April.		Updated April 29, 2022: We have updated the rollout timeline below. Thank you for your patience.
As part of Hunting improvements, we are making updates to the Email entity page, and Threat Explorer and Real-Time Detections. These updates should help provide additional data points and context for security analysts. These updates include:
Updates to Email entity Page will include:
A section around Threat Detection Details which will contain information around Threat, the corresponding detection technology and if the detection ran into any additional context.
We will also light up additional email attributes like To, CC, Distribution list, Client information and forwarding (indicating if email forwarding was involved)
Override information would include the Primary override and Source (Primary override is the override which impacted the delivery of the email) as well as any additional overrides that were applicable to the email.
If a URL or a File was allowed due to a tenant policy like Tenant Allow/Block list, then that information would be shown in the entity views as well.
Updates to Threat Explorer will include:
Threat Explorer filters around System Override and System Override source would be renamed to Primary Override and Primary Override source to indicate the specific overrides which impacted the delivery of the email. This will help the analyst to locate malicious emails delivered due to potential config gaps, as well as identifying any tenant or user level configurations which have impacted the delivery of an email.
In addition to the name updates for the above 2 filters, we will also be lighting up new filters to cover scenarios like if an email contained forwarding or not.
[When this will happen:]
We expect these updates to begin rolling out in early March and expect the rollout to be completed by late May (previously late April).
2022-04-30MC TitleUpdates to Threat Explorer and Email entity page(Updated) Updates to Threat Explorer and Email entity page
2022-04-30MC Last Updated02/18/2022 00:33:482022-04-30T06:17:26Z
2022-04-30MC MessageTagNamesFeature update, Admin impactUpdated message, Feature update, Admin impact
2022-04-30MC End Time05/30/2022 09:00:002022-06-30T09:00:00Z

*starting April 2022

Last updated 1 year ago

Related Posts:

  • Outlook logo
    MC718760 - (Updated) Retirement of Post by Email and…     24. February 2024 Administration check before: 2024-03-09 Product: Microsoft Viva, Microsoft Viva Engage, Outlook, Teams Platform: mobile, Web, World tenant Status: Launched Change type: Admin impact, Retirement, Updated message, User impact Links: MC712149 Details: Starting in late April 2024,…
  • Microsoft Teams logo
    MC761236 - Microsoft Teams:Updates to…     29. March 2024 Administration check before: 2024-04-12 Product: Microsoft 365 admin center, Teams Platform: Online, World tenant Status: Change type: Feature update, Admin impact Links: Details: Microsoft Teams is expanding the scope of the Get-CsOnlineUser cmdlet and Teams Admin…
  • cloudscout.one Icon
    MC718264 - (Updated) Updated Alerts and Incidents…     22. February 2024 Administration check before: 2024-03-07 Product: Defender, Defender XDR Platform: US Instances, World tenant Status: Change type: Admin impact, Feature update, Updated message Links: Details: Microsoft Defender XDR services Identity page's Alerts and Incidents tab is being…
  • cloudscout.one Icon
    MC706182 - (Updated) Information Protection: Full…     12. January 2024 Administration check before: 2024-01-26 Product: Microsoft 365 Apps, Microsoft 365 suite, Purview Communication Compliance, Purview Information Protection Platform: Web, World tenant Status: Launched Change type: Admin impact, New feature, Updated message Links: 186528 Details: Updated January…
  • Microsoft Exchange Logo
    MC709981 - (Updated) DLP - Adding matched attachment…     25. January 2024 Administration check before: 2024-02-08 Product: Exchange, Microsoft 365 for the web, Microsoft 365 suite, Purview Communication Compliance, Purview Data Loss Prevention Platform: Web, World tenant Status: Launched Change type: Admin impact, New feature, Updated message Links:…
  • cloudscout.one Icon
    MC759457 - (Updated) Endpoint Data Loss Prevention -…     28. March 2024 Administration check before: 2024-04-10 Product: Microsoft 365 Apps, Microsoft 365 Groups, Microsoft 365 suite, Purview Communication Compliance, Purview Data Loss Prevention Platform: US Instances, Web, World tenant Status: In development Change type: Admin impact, New feature,…

Leave a Reply

Share to MS Teams

cloudscout.one

Consolidated Microsoft 365 Roadmap and Message Center analysis for Office 365 operations and change management.

Support

Schierding.one GmbH

Alleenstraße 16
78549 Spaichingen
Phone: +49 (0)7424 60899-09
E-Mail: info@schierding.one
Amtsgericht Stuttgart (HRB 767585)
USt-ID DE321821109

Legal:

Privacy Policy

Imprint

FAQ

Login to your account

Welcome Back, We Missed You!