Office 365 Security & Compliance Center Threat Management Explorer and "All Mail" option.

Occasional Visitor

I'm looking for the best way to have our security analysts be able to search through email data in the Security & Compliance Center. 


I've looked at Message Tracing and it didn't seem to offer enough information in real time. I've looked at Content Search and it seems to give too much ability for our security analyst role.


I came across this page:


And it documents that there is a Threat Management > Explorer option that brings up the ability to search through "All Email". This option would be exactly what I'm looking for. When I look at the Threat Management menu I do not see an Explorer option, but a "Real-time reports" seems to look the same as the screenshots in the link above. With the exception that "All Email" isn't available for a search option. It only allows searching through Malware, User Reported, or Phish categories. We would need to be able to search through email that made it through without being categorized this way.


Can anyone tell me if an "All email" option exists if the user has the correct permissions / licensing and what that would be? Is "Real-time reports" the same as "Explorer" but renamed or is "Explorer" a separate option if permissions / licensing are appropriately setup?







2 Replies
Threat explorer is included in threat management in E5 only or purchased (threat mgmt) as an add-on

Yes, it does exists, but as Adam mentioned you need the relevant SKU. And it's nowhere real-time, in fact the message trace gets data way faster compared to the threat explorer.