check before: 2022-03-04
Product:
Defender, Microsoft 365 Defender
Platform:
World tenant, Web, Online
Status:
Change type:
Admin impact, Feature update, Updated message
Links:
Details:
Updated June 2, 2022: We have updated the rollout timeline below. Thank you for your patience.
As part of Hunting improvements, we are making updates to the Email entity page, and Threat Explorer and Real-Time Detections. These updates should help provide additional data points and context for security analysts. These updates include:
Updates to Email entity Page will include:
A section around Threat Detection Details which will contain information around Threat, the corresponding detection technology and if the detection ran into any additional context.
We will also light up additional email attributes like To, CC, Distribution list, Client information and forwarding (indicating if email forwarding was involved)
Override information would include the Primary override and Source (Primary override is the override which impacted the delivery of the email) as well as any additional overrides that were applicable to the email.
If a URL or a File was allowed due to a tenant policy like Tenant Allow/Block list, then that information would be shown in the entity views as well.
Updates to Threat Explorer will include:
Threat Explorer filters around System Override and System Override source would be renamed to Primary Override and Primary Override source to indicate the specific overrides which impacted the delivery of the email. This will help the analyst to locate malicious emails delivered due to potential config gaps, as well as identifying any tenant or user level configurations which have impacted the delivery of an email.
In addition to the name updates for the above 2 filters, we will also be lighting up new filters to cover scenarios like if an email contained forwarding or not.
[When this will happen:]
We expect these updates to begin rolling out in early March and expect the rollout to be completed by late June (previously late May).
Change Category:
XXXXXXX ...
Scope:
XXXXXXX ...
Release Phase:
Created:
2022-02-18
updated:
2022-06-03
the free basic plan is required to see all details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
changes*
Date | Property | old | new |
2022-06-03 | MC Last Updated | 04/30/2022 06:17:26 | 2022-06-02T23:47:07Z |
2022-06-03 | MC Messages | Updated April 29, 2022: We have updated the rollout timeline below. Thank you for your patience.
As part of Hunting improvements, we are making updates to the Email entity page, and Threat Explorer and Real-Time Detections. These updates should help provide additional data points and context for security analysts. These updates include: Updates to Email entity Page will include: A section around Threat Detection Details which will contain information around Threat, the corresponding detection technology and if the detection ran into any additional context. We will also light up additional email attributes like To, CC, Distribution list, Client information and forwarding (indicating if email forwarding was involved) Override information would include the Primary override and Source (Primary override is the override which impacted the delivery of the email) as well as any additional overrides that were applicable to the email. If a URL or a File was allowed due to a tenant policy like Tenant Allow/Block list, then that information would be shown in the entity views as well. Updates to Threat Explorer will include: Threat Explorer filters around System Override and System Override source would be renamed to Primary Override and Primary Override source to indicate the specific overrides which impacted the delivery of the email. This will help the analyst to locate malicious emails delivered due to potential config gaps, as well as identifying any tenant or user level configurations which have impacted the delivery of an email. In addition to the name updates for the above 2 filters, we will also be lighting up new filters to cover scenarios like if an email contained forwarding or not. [When this will happen:] We expect these updates to begin rolling out in early March and expect the rollout to be completed by late May (previously late April). | Updated June 2, 2022: We have updated the rollout timeline below. Thank you for your patience.
As part of Hunting improvements, we are making updates to the Email entity page, and Threat Explorer and Real-Time Detections. These updates should help provide additional data points and context for security analysts. These updates include: Updates to Email entity Page will include: A section around Threat Detection Details which will contain information around Threat, the corresponding detection technology and if the detection ran into any additional context. We will also light up additional email attributes like To, CC, Distribution list, Client information and forwarding (indicating if email forwarding was involved) Override information would include the Primary override and Source (Primary override is the override which impacted the delivery of the email) as well as any additional overrides that were applicable to the email. If a URL or a File was allowed due to a tenant policy like Tenant Allow/Block list, then that information would be shown in the entity views as well. Updates to Threat Explorer will include: Threat Explorer filters around System Override and System Override source would be renamed to Primary Override and Primary Override source to indicate the specific overrides which impacted the delivery of the email. This will help the analyst to locate malicious emails delivered due to potential config gaps, as well as identifying any tenant or user level configurations which have impacted the delivery of an email. In addition to the name updates for the above 2 filters, we will also be lighting up new filters to cover scenarios like if an email contained forwarding or not. [When this will happen:] We expect these updates to begin rolling out in early March and expect the rollout to be completed by late June (previously late May). |
2022-06-03 | MC End Time | 06/30/2022 09:00:00 | 2022-08-01T09:00:00Z |
2022-04-30 | MC Messages | As part of Hunting improvements, we are making updates to the Email entity page, and Threat Explorer and Real-Time Detections. These updates should help provide additional data points and context for security analysts. These updates include:
Updates to Email entity Page will include: A section around Threat Detection Details which will contain information around Threat, the corresponding detection technology and if the detection ran into any additional context. We will also light up additional email attributes like To, CC, Distribution list, Client information and forwarding (indicating if email forwarding was involved) Override information would include the Primary override and Source (Primary override is the override which impacted the delivery of the email) as well as any additional overrides that were applicable to the email. If a URL or a File was allowed due to a tenant policy like Tenant Allow/Block list, then that information would be shown in the entity views as well. Updates to Threat Explorer will include: Threat Explorer filters around System Override and System Override source would be renamed to Primary Override and Primary Override source to indicate the specific overrides which impacted the delivery of the email. This will help the analyst to locate malicious emails delivered due to potential config gaps, as well as identifying any tenant or user level configurations which have impacted the delivery of an email. In addition to the name updates for the above 2 filters, we will also be lighting up new filters to cover scenarios like if an email contained forwarding or not. [When this will happen:] We expect these updates to begin rolling out in early March and expect the rollout to be completed by late April. | Updated April 29, 2022: We have updated the rollout timeline below. Thank you for your patience.
As part of Hunting improvements, we are making updates to the Email entity page, and Threat Explorer and Real-Time Detections. These updates should help provide additional data points and context for security analysts. These updates include: Updates to Email entity Page will include: A section around Threat Detection Details which will contain information around Threat, the corresponding detection technology and if the detection ran into any additional context. We will also light up additional email attributes like To, CC, Distribution list, Client information and forwarding (indicating if email forwarding was involved) Override information would include the Primary override and Source (Primary override is the override which impacted the delivery of the email) as well as any additional overrides that were applicable to the email. If a URL or a File was allowed due to a tenant policy like Tenant Allow/Block list, then that information would be shown in the entity views as well. Updates to Threat Explorer will include: Threat Explorer filters around System Override and System Override source would be renamed to Primary Override and Primary Override source to indicate the specific overrides which impacted the delivery of the email. This will help the analyst to locate malicious emails delivered due to potential config gaps, as well as identifying any tenant or user level configurations which have impacted the delivery of an email. In addition to the name updates for the above 2 filters, we will also be lighting up new filters to cover scenarios like if an email contained forwarding or not. [When this will happen:] We expect these updates to begin rolling out in early March and expect the rollout to be completed by late May (previously late April). |
2022-04-30 | MC Title | Updates to Threat Explorer and Email entity page | (Updated) Updates to Threat Explorer and Email entity page |
2022-04-30 | MC Last Updated | 02/18/2022 00:33:48 | 2022-04-30T06:17:26Z |
2022-04-30 | MC MessageTagNames | Feature update, Admin impact | Updated message, Feature update, Admin impact |
2022-04-30 | MC End Time | 05/30/2022 09:00:00 | 2022-06-30T09:00:00Z |
*starting April 2022
Last updated 1 year ago