Enhanced Submissions experience from Email entity and Summary panel
In Microsoft Defender XDR for Office 365, Microsoft is enhancing the Submit to Microsoft for review options on the Email entity page and Summary panel so admins can convey whether they are submitting for a second opinion or submitting to confirm a clean or a malicious verdict. In the same workflow, we are also introducing the Entities allow option that Security Operations team members can use when confident about a submission.
When this will happen:
It expect to complete by late April 2024.
How this will affect your organization:
If you are part of a Security Operations team and use Microsoft Defender for Office 365 email remediation features, you will see these enhancements for the Email entity page and Email summary panel:
- You can select the Take actions button in the top right corner of the Email entity page and summary panel.
- Selecting the Take actions button will open a wizard that triggers actions such as email purge actions, investigative actions, submissions to Microsoft for further analysis, and block sender/domain/URL/ attachments.
- With these new improvements you can now share the submission intent.
- With Submit to Microsoft for review, admins can convey whether they’re submitting for a second opinion from Microsoft or because Microsoft missed a true malicious message. This change will streamline Microsoft analysis of messages submitted by admins and will result in more accurate analysis.
The Submissions workflow has these options:
- I’ve confirmed it’s clean
- It appears clean
- sub-options: Tenant level allow and Tenant level block entities
- It appears suspicious
- I’ve confirmed it’s a threat
- sub-options: Tenant level allow and Tenant level block entities
What you need to do to prepare:
This enhancement won’t impact any existing submissions or filtering or grouping functionality in submissions.
For reference
Microsoft Defender for Office 365 permissions in the Microsoft Defender portal | Microsoft Learn
Microsoft Defender: The email entity page | Microsoft Learn
No Comments