Mar 29 2023 08:53 AM - edited Mar 29 2023 09:04 AM
We're new to MS Defender 365 and are starting to look into alerts/incidents - e.g., "A user clicked through to a potentially malicious URL." only to find that there is absolutely ZERO useful information on the Microsoft 365 Defender alert or incident page one would expect to find for such an alert (URL, recipient of the phishing e-mail, details regarding the phishing e-mail, etc.).
Granted, we have not deployed MS Defender to endpoints but that shouldn't matter since the information can be gleaned from Exchange Online. If the service knows a user clicked a potentially malicious link, for example, why does it not list which user, which URL, which message, etc.?
Please tell me we just need to toggle something on. The service and UI can't possibly be this bad.
Mar 30 2023 10:52 AM
Mar 30 2023 01:30 PM