Microsoft Defender for Office 365: Automated Investigation & Response (AIR) Platform Modernization – User Submission Playbook

🚨 The Signal: Microsoft Defender for Office 365's Automated Investigation & Response (AIR) platform is being modernized. This improves the speed and scalability of investigations, particularly for user-submitted threats, leading to faster verdicts and resolutions.

The Impact

Security teams benefit from faster automated threat response, reducing the risk of successful email-borne attacks.

  • Security Teams: Reduced manual effort in triaging user-reported threats.
  • Security Teams: Faster containment of email-borne threats.
  • End Users: Quicker feedback on reported suspicious emails.
  • Organisations: Improved overall resilience against phishing and malware.

The Action

  1. Review existing AIR policies in the Microsoft 365 Defender portal: Email & collaboration > Policies & rules > Threat policies > AIR policies.
  2. Monitor AIR investigation logs for improved performance metrics: Microsoft 365 Defender portal > Actions & submissions > Action center > History.
  3. Communicate the improved response times to end users regarding their submissions.

Domain: Defender · Impact: medium · Workload: Microsoft Defender