Applies to:
- Microsoft 365 Defender
Microsoft 365 Defender can help detect malicious attachments delivered via email. Because the Office 365 Security and Compliance Center integrates with Microsoft 365 Defender, security analysts have visibility into threats coming in from Office 365, such as through email attachments.
For example, an analyst was assigned a multi-stage incident.
In the Alerts tab of the incident, alerts from Defender for Office 365 and Microsoft Defender for Cloud Apps are displayed. The analyst can drill down into the Defender for Office 365 alerts by selecting the email message alerts. The details of the alert are displayed in the side pane.
Scrolling down further displays more information, showing the malicious files and the user who was impacted.
Selecting Open alert page takes you to the specific alert where various information can be viewed in greater detail by selecting the link. The actual email message can be viewed by selecting View messages in Explorer toward the bottom of the panel.
This takes the analyst to the Threat Management page, where the email Subject, Recipient, Sender, and other information are displayed. ZAP under Special Actions tells the analyst that the Zero-hour auto purge feature was applied. ZAP automatically detects and removes malicious and spam messages from mailboxes across the organization. For more information, see Zero-hour auto purge (ZAP) in Exchange Online.
Other actions can be taken on specific messages by selecting Actions.