Hunting for Impersonated domains and users
Threat Explorer (P2) and Real-time detections (P1) are powerful near real-time tools that help Security Operations teams investigate and respond to threats. Today we provide existing pivots for Detection Technology with User impersonation or Domain impersonation, which show all phish emails caught by our impersonation detection. We are adding new pivots called Impersonated user and Impersonated domain within Threat Explorer so that Security Operations teams can explicitly hunt for specific protected users or domains within their organization that are targets of impersonation attacks. This additional information about the Impersonated domain(s) and Impersonated user(s) will also be shown in the existing Impersonation insight pages and our new Email Entity page.
This message is associated with Microsoft 365 Roadmap ID 70613.
When this will happen
We will begin rollout in March 2021 and expect to complete by the end of April 2021.
How this will affect your organization
Once available, the new pivots, Impersonated user and Impersonated domain, will appear on the Threat Explorer page, and additional information will be shown on the Impersonation insight and Email Entity pages.
What you need to do to prepare
You may consider updating your training and documentation as appropriate.
Message ID: MC241580