Office 365 Security & Compliance Center Threat Management Explorer and "All Mail" option.

I'm looking for the best way to have our security analysts be able to search through email data in the Security & Compliance Center. 

 

I've looked at Message Tracing and it didn't seem to offer enough information in real time. I've looked at Content Search and it seems to give too much ability for our security analyst role.

 

I came across this page:

 

https://docs.microsoft.com/en-us/office365/securitycompliance/investigate-malicious-email-that-was-d...

 

And it documents that there is a Threat Management > Explorer option that brings up the ability to search through "All Email". This option would be exactly what I'm looking for. When I look at the Threat Management menu I do not see an Explorer option, but a "Real-time reports" option seems to look the same as the screenshots in the link above, with the exception that "All Email" isn't available as a search option. It only allows searching through Malware, User Reported, or Phish categories. We would need to be able to search through email that made it through without being categorized this way.

 

Can anyone tell me if an "All email" option exists if the user has the correct permissions / licensing and what that would be? Is "Real-time reports" the same as "Explorer" but renamed, or is "Explorer" a separate option if permissions / licensing are appropriately set up?

 

TIA

2 Replies
Hi!
Threat explorer is included in threat management in E5 only or purchased (threat mgmt) as an add-on.

Yes, it does exist, but as Adam mentioned you need the relevant SKU. And it's nowhere near real-time; in fact the message trace gets data way faster compared to the threat explorer.