Amateur cyclist and swimmer. Security Researcher in Microsoft 365 Defender team. Tweets are mine.
May 16, 2019
Office 365 Automated Investigation and Response (AIR) is coming soon to ATP P2 or Office 365 E5 tenants. In this video I am showing one of the playbooks triggered by an Alert from the Security and Compliance Center.
An Alert was triggered because malware was detected and removed from a user's mailbox after email message delivery. AIR analyzed: who else received similar emails, whether the user who received the malware violated DLP rules, had mailbox forwarding configured