You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-office-365/defender-for-office-365-whats-new.md
+18-1Lines changed: 18 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ ms.author: chrisda
8
8
author: chrisda
9
9
manager: deniseb
10
10
ms.localizationpriority: medium
11
-
ms.date: 03/03/2025
11
+
ms.date: 05/19/2025
12
12
audience: ITPro
13
13
ms.collection:
14
14
- m365-security
@@ -39,6 +39,23 @@ For more information on what's new with other Microsoft Defender security produc
39
39
-[What's new in Microsoft Defender for Identity](/defender-for-identity/whats-new)
40
40
-[What's new in Microsoft Defender for Cloud Apps](/cloud-app-security/release-notes)
41
41
42
+
## May 2025
43
+
44
+
- In government cloud environments, :::image type="icon" source="media/m365-cc-sc-take-actions-icon.png" border="false"::: **Take action** replaces the **Message actions** drop down list on the **Email** tab (view) of the details area of the **All email**, **Malware**, or **Phish** views in [Threat Explorer (Explorer)](threat-explorer-real-time-detections-about.md):
45
+
- SecOps personnel can now create tenant-level block entries on URLs and files via the [Tenant Allow/Block List](tenant-allow-block-list-about.md) directly from Threat Explorer.
46
+
- For 100 or fewer messages selected in Threat Explorer, SecOps personnel can take multiple actions on the selected messages from the same page. For example:
47
+
- Purge email messages or propose email remediation.
48
+
- Submit messages to Microsoft.
49
+
- Trigger investigations.
50
+
- Crate block entries in the Tenant Allow/Block List.
51
+
- Actions are contextually based on the latest delivery location of the message, but SecOps personnel can use the **Show all response actions** toggle to allow all available actions.
52
+
- For 101 or more messages selected, only email purge and propose remediation options are available.
53
+
54
+
> [!TIP]
55
+
> A new panel allows SecOps personnel to look for indicators of compromise at the tenant level, and the block action is readily available.
56
+
57
+
For more information, see [Threat hunting: Email remediation](threat-explorer-threat-hunting.md#email-remediation) and [Remediate Malicious Email: Manual and automated remediation](remediate-malicious-email-delivered-office-365.md#manual-and-automated-remediation).
58
+
42
59
## March 2025
43
60
44
61
-**User reported messages by third-party add-ins can be sent to Microsoft for analysis**: In [user reported settings](submissions-user-reported-messages-custom-mailbox.md), admins can select **Monitor reported messages in Outlook**\>**Use a non-Microsoft add-in button**. In the **Reported message destination** section, select **Microsoft and my reporting mailbox**, and then provide the email address of the internal Exchange Online mailbox where user-reported messages by the third-party add-in are routed to. Microsoft analyzea these reported messages and provides result on the **User reported** tab of **Submissions** page at <https://security.microsoft.com/reportsubmission?viewid=user>.
0 commit comments