Microsoft Defender Explorer

Steps to Follow

  1. Access Threat Explorer:

  2. Search for Specific Emails:

    • Use the search and filter options to locate emails based on criteria such as sender, recipient, subject, or detected threats.

    • For instance, to identify phishing attempts, select the Phish view. (Microsoft Learn)

  3. Analyze Email Details:

    • Click on individual emails to view detailed information, including:

      • Sender and recipient details

      • Delivery and filtering information

      • Detected threats

      • URLs and attachments

  4. Remediate Threats:

    • Select the emails you wish to act upon.

    • Click on Take action and choose the desired remediation action, such as Soft Delete or Hard Delete. (Microsoft Learn)

    • Provide necessary details in the side pane, including a name for the remediation, severity, and description. (Microsoft Learn)

    • Submit the action for approval. (Microsoft Learn)

  5. Track Remediation Actions:

    • After submission, monitor the status of your actions in the Action center under the History tab.

    • Use filters like remediation name, approval ID, or status to locate specific actions. (Microsoft Learn)

Best Practices:

  • Batch Processing: For optimal performance, limit remediation actions to batches of 50,000 emails or fewer.

  • Targeted Remediation: Focus on emails in folders like Inbox, Junk, or Deleted Items to ensure effective remediation. (Microsoft Learn)

  • Two-Step Approval: Implement a two-step approval process for remediation actions to enhance security and oversight.

