You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-office-365/mdo-email-entity-page.md
+9-3Lines changed: 9 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ f1.keywords:
5
5
author: chrisda
6
6
ms.author: chrisda
7
7
manager: bagol
8
-
ms.date: 07/07/2025
8
+
ms.date: 09/22/2025
9
9
audience: ITPro
10
10
ms.topic: article
11
11
ms.service: defender-office-365
@@ -297,7 +297,10 @@ Use :::image type="icon" source="media/m365-cc-sc-download-icon.png" border="fal
297
297
298
298
If you select an entry in the **Attachments** view by clicking on the **Attachment filename** value, a details flyout opens that contains the following information:
299
299
300
-
-**Deep analysis** tab: Information is available on this tab if [Safe Attachments](safe-attachments-about.md) scanned (detonated) the attachment. You can identify these messages in Threat Explorer by using the query filter **Detection technology** with the value **File detonation**.
300
+
-**Deep analysis** tab: Information is available on this tab if [Safe Attachments](safe-attachments-about.md) scanned (detonated) the attachment and it is identified as malicious through detonation. You can identify these messages in Threat Explorer using the following methods:
301
+
-**Detection technology** query filter with the value **File detonation**.
302
+
-**Detonation available** indicator in the **Details** column.
303
+
- The detonation count shown in the Email Summary Panel.
301
304
302
305
-**Detonation chain** section: Safe Attachments detonation of a single file can trigger multiple detonations. The _detonation chain_ tracks the path of detonations, including the original malicious file that caused the verdict, and all other files affected by the detonation. These attached files might not be directly present in the email. But, including the analysis is important to determining why the file was found to be malicious.
303
306
@@ -378,7 +381,10 @@ Use :::image type="icon" source="media/m365-cc-sc-download-icon.png" border="fal
378
381
379
382
If you select an entry in the **URL** view by clicking on the **URL** value, a details flyout opens that contains the following information:
380
383
381
-
-**Deep analysis** tab: Information is available on this tab if [Safe Links](safe-links-about.md) scanned (detonated) the URL. You can identify these messages in Threat Explorer by using the query filter **Detection technology** with the value **URL detonation**.
384
+
-**Deep analysis** tab: Information is available on this tab if [Safe Links](safe-links-about.md) scanned (detonated) the URL and it is identified as malicious through detonation. You can identify these messages in Threat Explorer using the following methods:
385
+
-**Detection technology** query filter with the value **URL detonation**.
386
+
-**Detonation available** indicator in the **Details** column.
387
+
- The detonation count shown in the Email Summary Panel.
382
388
383
389
-**Detonation chain** section: Safe Links detonation of a single URL can trigger multiple detonations. The _detonation chain_ tracks the path of detonations, including the original malicious URL that caused the verdict, and all other URLs affected by the detonation. These URLs might not be directly present in the email. But, including the analysis is important to determining why the URL was found to be malicious.
0 commit comments