Microsoft Defender for Office 365: Additional actions include submit, allow/block, and trigger AIR (Automated Investigation and Response) from Advanced Hunting.
🚨 The Signal: Security Operations Center (SOC) analysts can now directly submit, allow/block, and trigger automated investigations from Advanced Hunting in Defender for Office 365. This streamlines incident response for email threats.
The Impact
Security teams gain enhanced threat response capabilities, reducing the time to mitigate email-borne risks.
- Security Teams: Faster threat containment for email attacks.
- Security Teams: Improved efficiency in incident response workflows.
- Security Teams: Direct action from hunting reduces manual pivots.
- Security Teams: Better visibility and control over email threats.
The Action
- Review existing Advanced Hunting queries and playbooks to incorporate new action capabilities.
- Update incident response procedures to leverage direct submission, allow/block, and AIR triggers.
- Train SOC analysts on the new Advanced Hunting actions for Defender for Office 365.
- Monitor audit logs for actions taken via Advanced Hunting to ensure proper use and accountability.
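An Advanced Hunting query of the kind the review in the first step would produce, added here as an example (not Microsoft's or the page's own code). The 7-day window and the phishing filter are illustrative assumptions; the query keeps the NetworkMessageId and RecipientEmailAddress columns that per-email actions taken from hunting results are keyed on.

```kql
// Added example, not from the original page: list recently delivered
// emails flagged as phishing that are still sitting in a mailbox folder,
// so an analyst can select rows and submit, block, or trigger AIR directly.
// Assumptions: 7-day window and "Phish" threat type are illustrative.
EmailEvents
| where Timestamp > ago(7d)
| where ThreatTypes has "Phish"
| where DeliveryAction == "Delivered"
| where LatestDeliveryLocation == "Inbox/folder"
// Pull up to five URLs per message for triage context
| join kind=leftouter (
    EmailUrlInfo
    | summarize Urls = make_set(Url, 5) by NetworkMessageId
  ) on NetworkMessageId
// NetworkMessageId and RecipientEmailAddress identify the exact copy
// of the message that the action applies to
| project Timestamp, NetworkMessageId, RecipientEmailAddress,
          SenderFromAddress, Subject, ThreatTypes, DetectionMethods, Urls
| order by Timestamp desc
```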
Domain: Defender · Impact: high · Workload: Microsoft Defender