Microsoft Defender for Office 365: Hunting on Teams Messages
🚨 The Signal: New Advanced Hunting tables in Defender for Office 365 enable security teams to proactively hunt for malicious URLs within Microsoft Teams messages, enhancing threat detection and response capabilities.
The Impact
Security teams gain new hunting capabilities that reduce the risk of malicious URLs in Teams going undetected.
- Security teams: Gain new capabilities for threat hunting in Teams.
- Security analysts: Must learn new KQL tables for effective hunting.
- Organisations: Improved detection of phishing and malware via Teams.
- Users: Indirectly benefit from a more secure Teams environment.
The Action
- Review Microsoft Defender 365 documentation for new Advanced Hunting tables related to Teams messages.
- Develop and test KQL queries to identify suspicious URLs in Teams.
- Integrate new hunting queries into existing threat detection playbooks.
- Train security analysts on the use of these new hunting capabilities.
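
As a starting point for the query-development step above, the following added example (not taken from Microsoft's documentation or from this page) surfaces Teams messages whose URL domains also appeared in email that Defender for Office 365 flagged as phish or malware. The table and column names (MessageEvents, MessageUrlInfo, EmailEvents, EmailUrlInfo and their fields) are assumptions based on the published Advanced Hunting schema and should be confirmed against the schema pane in your tenant; the 7-day lookback is an arbitrary choice.

```kusto
// Added example: correlate Teams message URLs with domains already flagged in email.
// Table and column names are assumed from the Advanced Hunting schema; verify in your tenant.
let lookback = 7d;
// Domains carried by email that was classified as phish or malware
let flaggedEmailDomains =
    EmailEvents
    | where Timestamp > ago(lookback)
    | where ThreatTypes has_any ("Phish", "Malware")
    | join kind=inner (
        EmailUrlInfo
        | where Timestamp > ago(lookback)
      ) on NetworkMessageId
    | distinct UrlDomain;
// Teams messages that contain a URL on one of those domains
MessageUrlInfo
| where Timestamp > ago(lookback)
| where UrlDomain in (flaggedEmailDomains)
| join kind=inner (
    MessageEvents
    | where Timestamp > ago(lookback)
    | project TeamsMessageId, SenderEmailAddress, ThreadType, MessageTime = Timestamp
  ) on TeamsMessageId
| summarize
    Messages  = dcount(TeamsMessageId),
    Senders   = make_set(SenderEmailAddress, 25),
    FirstSeen = min(MessageTime),
    LastSeen  = max(MessageTime)
    by UrlDomain, Url
| order by Messages desc
```

An empty result means no overlap in the window, not that Teams is clean; widen the lookback or drop the email filter to baseline which domains normally appear in Teams before tuning this into a playbook rule.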
Domain: Defender · Impact: medium · Workload: Microsoft Defender