We are happy to share that Microsoft Defender for Office 365 is rolling out the Threat Explorer-Version 3. Threat Explorer has been an integral part of security operations workflow allowing users to explore the email data and take remediation actions on threats. And we strive to make the security operations experience better for the users by enhancing the filtering, navigation and data visualization experiences.
With this new version, we are improving the filtering experience by adding four new filtering conditions. The existing “Advanced Filters” functionality has been made available with the new filter, thereby reducing the complexity in applying multiple filter conditions and providing users an easy to navigate and rich filtering experience.
When this will happen
GA: We will begin rolling out in late November and expect to complete rollout by early December.
Gov Clouds: We will begin rolling out in early December and expect to complete rollout by mid-December.
How this will affect your organization
With the new version of Threat Explorer, we will now support the following conditions in the filters:
- Equals any of – returns values matching the exact user input
- Equals none of – returns values not matching the exact user input
- Contains any of – returns values partially matching user input
- Contains none of – returns values not partially matching user input
These conditions are available based on the filter type as following:
What you need to do to prepare
There is nothing you need to do to prepare for this change. You may want to notify users and update training documentation if required.
Please visit this page (Threat hunting in Threat Explorer for Microsoft Defender for Office 365) to learn more.
Message ID: MC469568
Product: Defender, Defender for Office 365, Microsoft 365 Defender
Platform: World tenant