User experience update for Explorer and Real-Time Detections: Default All Email view and more updates

Originally posted by Microsoft Dec 3, 2021 Exchange Online 0 Comments

We are updating the user experience for Explorer and Real time detections, to improve the hunting experience and workflows, as well as align with modern accessibility standards . These are experience updates and do not involve major functional changes for core experiences like filtering, export and saving queries.

NOTE: For a short while, as we roll out updates, you will be able to toggle between the old experience and new experience. Note that toggling would impact only your session and does not impact anybody else within your tenant.

This message is associated with Microsoft 365 Roadmap ID 82192.

When this will happen:

We expect this to begin rolling out in late December and expect the rollout to be completed mid-February.

How this will affect your organization:

You will be start to see the updated experience as these updates are rolled out to you. These are experience updates, and do not involve major functional changes. As described above, you will have the option to toggle temporarily between the two experiences. Additional, the noteworthy campaigns experience in Threat tracker will not be present in the new view, but there are richer experiences like Campaigns and Threat analytics which offer more details and insights. See below for additional info on the planned updates:

All Email becomes the default view for Explorer

• The All-email view becomes the default view for Threat Explorer (Note: Malware view continues to remain the default view for Real-time detections), with the default time range set to 2 days. You can continue to expand your search to 30 days to search over a wider range. You can also tab across different views to get to the desired Phish or Malware view.

Grid and Export updates

Threat Trackers

What you need to do to prepare:

• Today you can access Email entity page by clicking on the link in the email flyout. With this change you will be also able to navigate directly to the email entity page from the grid. You will also be able to toggle between the grid view and the list view to maximize your result set in the grid, as well as export the chart or the grid data through a single click.
• The different entities like URL, IP move to a new, single tab-based view, and you can expand and collapse the different sections based on how you want to view the data.

• These changes also include updates around Threat trackers for Saved Queries, Tracked queries and trending campaigns.
  • Note: In the new experience updates, we would be retiring the view- Noteworthy Campaigns.
• For viewing information about campaigns, we recommend you to use the Campaigns experience (accessible through left nav bar), where you can view the different campaigns as well as detailed writeups for those campaigns. You can also view additional details within Threat Analytics, which is a set of reports from expert Microsoft security researchers covering the most relevant threats, including Active threat actors and their campaigns, popular and new attack techniques, critical vulnerabilities and more.

You will be start to see the updated experience as these updates are rolled out to you. You should be able to continue your day to day operations without any issues. There will be an option to toggle between the old and the new experience temporarily, as you adjust to the experiences.

Message ID: MC301302