Defender for Office 365 automated investigations


A while ago I wrote an article:

Improved security is a shared responsibility

in which I encouraged the use of the Report message add in to Outlook.

What you may not realise about this add-in is that not only does it provide a centralised method to manage submissions per:

Providing feedback on user reported messages

but user reported messages also trigger an automated investigation:

What alert policies trigger automated investigations?

A security administrator can also manually trigger an investigation by using the Threat Explorer per:

Example: A security administrator triggers an investigation from Threat Explorer

If you want to better understand what Automated investigation and response (AIR) is and does, have look at:

AIR in Microsoft Defender for Office 365

This triggering of an automated investigation by simply using the Report message add in is another simple way to leverage the security tools that Defender for Office 365 provides and reduce administration workload.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s