Hunting for Impersonated domains and users

Threat Explorer (P2) and Real-time detections (P1) are powerful near real-time tools to help Security Operations teams investigate and respond to threats. Today we provide existing pivots for Detection Technology with User impersonation or Domain impersonation which show all Phish emails caught by our impersonation detection. We are adding new pivots called Impersonated user and Impersonated domain within Threat Explorer to enable Security Operations teams to explicitly hunt for specific protected users or domains within their organization that are targets of impersonation attacks. This additional information related to Impersonated domain(s) and Impersonated user(s) will also be shown in existing Impersonation insight pages and our new Email Entity page.

This message is associated with Microsoft 365 Roadmap ID 70613

When this will happen

We will begin rollout in March 2021 and expect to complete by the end of April 2021.

How this will affect your organization

Once available, the new pivots, Impersonated user and Impersonated domain, will be seen in the Threat Explorer page and additional information will be shown in Impersonation insight and Email Entity pages.

What you need to do to prepare

You may consider updating your training and documentation as appropriate.

Message ID: MC241580


No comments yet

Leave a Reply


I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: