Microsoft Defender Explorer

Steps to Follow

1. Access Threat Explorer:

   • Navigate to the Microsoft 365 Defender portal at .​

   • In the navigation pane, select Email & collaboration, then choose Explorer.​

2. Search for Specific Emails:

   • Use the search and filter options to locate emails based on criteria such as sender, recipient, subject, or detected threats.​

   • For instance, to identify phishing attempts, select the Phish view.​

3. Analyze Email Details:

   • Click on individual emails to view detailed information, including:​

     • Sender and recipient details

     • Delivery and filtering information

     • Detected threats

     • URLs and attachments

4. Remediate Threats:

   • Select the emails you wish to act upon.​

   • Click on Take action and choose the desired remediation action, such as Soft Delete or Hard Delete.​

   • Provide necessary details in the side pane, including a name for the remediation, severity, and description.​

   • Submit the action for approval.​

5. Track Remediation Actions:

   • After submission, monitor the status of your actions in the Action center under the History tab.​

   • Use filters like remediation name, approval ID, or status to locate specific actions.​

Best Practices:

• Batch Processing: For optimal performance, limit remediation actions to batches of 50,000 emails or fewer.​

• Two-Step Approval: Implement a two-step approval process for remediation actions to enhance security and oversight.

REFERENCES