For those of you using Microsoft Defender for Office 365 automated investigations, we have several new investigation improvements rolling out this month to improve your experience in the security center. These new features improve the clarity of Office 365 investigations, as well as improve Defender for Office 365 integration with SecOps tools in the security center.
These new email clusters will augment the existing email clusters in the user compromise investigation, which find emails similar to the malicious/suspicious messages that triggered the compromise-related mailbox alerts.
There is no impact to your current incident and automated investigation use. These new features add new fields you can use to find items easier. The main thing to note is that the new manually triggered email investigation alert will be seen in the security center, will generate alert email notifications, and will be available alongside other alerts in the Office 365 Management Activity API.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.