-
Notifications
You must be signed in to change notification settings - Fork 362
Expand file tree
/
Copy pathTOC.yml
More file actions
587 lines (579 loc) · 30.1 KB
/
TOC.yml
File metadata and controls
587 lines (579 loc) · 30.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
- name: Office 365 security
href: index.yml
expanded: true
items:
- name: Overview
items:
- name: Microsoft Defender for Office 365 overview
href: mdo-about.md
- name: Overview of the built-in security features for all cloud mailboxes
href: eop-about.md
- name: What's new in Defender for Office 365
href: defender-for-office-365-whats-new.md
- name: Microsoft Defender for Office 365 for US Government customers
href: mdo-gov.md
- name: Get started
items:
- name: Get started with Microsoft Defender for Office 365
href: mdo-deployment-guide.md
- name: How threat protection works in Defender for Office 365
href: protection-stack-microsoft-defender-for-office365.md
- name: How policies and protections are combined
href: how-policies-and-protections-are-combined.md
- name: Secure by default
href: secure-by-default.md
- name: Zero Trust for Defender for Office 365
href: zero-trust-with-microsoft-365-defender-office-365.md
- name: Mail flow in cloud organizations
href: mail-flow-about.md
- name: Defender for Office 365 in Microsoft Teams
href: mdo-support-teams-about.md
- name: Microsoft Defender portal overview
href: /defender-xdr/microsoft-365-defender-portal
- name: Integrate non-Microsoft security services with Microsoft 365
href: mdo-integrate-security-service.md
- name: Evaluate
items:
- name: Try Defender for Office 365
href: try-microsoft-defender-for-office-365.md
- name: Trial User Guide for Defender for Office 365
href: trial-user-guide-defender-for-office-365.md
- name: Deploy
items:
- name: Pilot and deploy Defender for Office 365
href: /defender-xdr/pilot-deploy-defender-office-365?toc=/defender-office-365/TOC.json&bc=/defender-office-365/breadcrumb/toc.json
- name: Get started with Microsoft Defender for Office 365
href: mdo-deployment-guide.md
- name: Step 1 - Configure email authentication
items:
- name: About email authentication
href: email-authentication-about.md
- name: Set up SPF
href: email-authentication-spf-configure.md
- name: Set up DKIM
href: email-authentication-dkim-configure.md
- name: Set up DMARC
href: email-authentication-dmarc-configure.md
- name: Configure trusted ARC sealers
href: email-authentication-arc-configure.md
- name: Step 2 - Configure threat policies
items:
- name: Preset security policies
href: preset-security-policies.md
- name: Recommended email and collaboration threat policy settings for cloud organizations
href: recommended-settings-for-eop-and-office365.md
- name: Quickly configure Microsoft Teams protection
href: mdo-support-teams-quick-configure.md
- name: Step 3 - Assign permissions
items:
- name: Defender for Office 365 permissions
href: mdo-portal-permissions.md
- name: Permissions - Defender for Office 365 and Microsoft Purview
href: scc-permissions.md
- name: Microsoft Defender XDR RBAC
href: /defender-xdr/manage-rbac
- name: Step 4 - Apply priority account tags and user tags
items:
- name: Manage and monitor priority accounts
href: /microsoft-365/admin/setup/priority-accounts
- name: User tags in Defender for Office 365
href: user-tags-about.md
- name: Configure and review priority account protection
href: priority-accounts-turn-on-priority-account-protection.md
- name: Step 5 - Configure user reported settings
items:
- name: Email - user reported settings
href: submissions-user-reported-messages-custom-mailbox.md
- name: Transition from the Report Message and Report Phishing add-ins
href: submissions-users-report-message-add-in-configure.md
- name: Teams - user reported settings
href: submissions-teams.md
- name: Step 6 - Block and allow
items:
- name: Manage the Tenant Allow/Block List
href: tenant-allow-block-list-about.md
- name: Admin submissions
href: submissions-admin.md
- name: Step 7 - Launch phishing simulations using Attack simulation training
items:
- name: Get started using Attack simulation training
href: attack-simulation-training-get-started.md
- name: Step 8 - Protect, detect, and respond
items:
- name: Defender for Office 365 SecOps guide
href: mdo-sec-ops-guide.md
- name: Migrate
items:
- name: Migrate to Defender for Office 365
href: migrate-to-defender-for-office-365.md
- name: Step 1 - Prepare
href: migrate-to-defender-for-office-365-prepare.md
- name: Step 2 - Setup
href: migrate-to-defender-for-office-365-setup.md
- name: Step 3 - Onboard
href: migrate-to-defender-for-office-365-onboard.md
- name: Protect and Detect
items:
- name: Defender for Office 365 SecOps Guide
href: mdo-sec-ops-guide.md
- name: SecOps guide for Teams protection in Defender for Office 365
href: mdo-support-teams-sec-ops-guide.md
- name: SecOps guide for email authentication in Microsoft 365
href: email-auth-sec-ops-guide.md
- name: Threat classification
href: mdo-threat-classification.md
- name: Security recommendations for priority accounts
href: priority-accounts-security-recommendations.md
- name: Usage card in Defender for Office 365
href: mdo-usage-card-about.md
- name: Threat policies
items:
- name: Preset security policies
href: preset-security-policies.md
- name: Recommended email and collaboration threat policy settings for cloud organizations
href: recommended-settings-for-eop-and-office365.md
- name: Configuration analyzer for threat policies
href: configuration-analyzer-for-security-policies.md
- name: Anti-malware in cloud organizations
items:
- name: Anti-malware protection
href: anti-malware-protection-about.md
- name: Configure anti-malware policies
href: anti-malware-policies-configure.md
- name: Anti-malware protection FAQ
href: anti-malware-protection-faq.yml
- name: Zero-hour auto purge (ZAP)
href: zero-hour-auto-purge.md
- name: Virus detection in SharePoint
href: anti-malware-protection-for-spo-odfb-teams-about.md
- name: Anti-spam in cloud organizations
items:
- name: Anti-spam protection
href: anti-spam-protection-about.md
- name: Configure anti-spam policies
href: anti-spam-policies-configure.md
- name: Advanced Spam Filter (ASF) settings
href: anti-spam-policies-asf-settings-about.md
- name: What's the difference between junk email and bulk email?
href: anti-spam-spam-vs-bulk-about.md
- name: Spam confidence level (SCL)
href: anti-spam-spam-confidence-level-scl-about.md
- name: Bulk complaint level (BCL)
href: anti-spam-bulk-complaint-level-bcl-about.md
- name: Bulk senders insight
href: anti-spam-bulk-senders-insight.md
- name: Backscatter messages cloud organizations
href: anti-spam-backscatter-about.md
- name: Configure junk email settings on Exchange Online mailboxes
href: configure-junk-email-settings-on-exo-mailboxes.md
- name: Anti-spam protection FAQ
href: anti-spam-protection-faq.yml
- name: Zero-hour auto purge (ZAP)
href: zero-hour-auto-purge.md
- name: Deliver cloud-detected spam to the Junk Email folder in on-premises mailboxes
href: /exchange/standalone-eop/configure-eop-spam-protection-hybrid
- name: Anti-phishing for all cloud mailboxes and Defender for Office 365
items:
- name: Anti-phishing protection
href: anti-phishing-protection-about.md
- name: Anti-phishing policies
href: anti-phishing-policies-about.md
- name: Configure anti-phishing policies for all cloud mailboxes
href: anti-phishing-policies-eop-configure.md
- name: Configure anti-phishing policies in Defender for Office 365
href: anti-phishing-policies-mdo-configure.md
- name: Anti-spoofing protection
href: anti-phishing-protection-spoofing-about.md
- name: Anti-spoofing protection FAQ
href: anti-phishing-protection-spoofing-faq.yml
- name: How Microsoft 365 validates the From address
href: anti-phishing-from-email-address-validation.md
- name: Tune anti-phishing protection
href: anti-phishing-protection-tuning.md
- name: Spoof intelligence insight
href: anti-spoofing-spoof-intelligence.md
- name: Impersonation insight
href: anti-phishing-mdo-impersonation-insight.md
- name: Safe Attachments in Defender for Office 365
items:
- name: Safe Attachments in Defender for Office 365
href: safe-attachments-about.md
- name: Set up Safe Attachments policies in Defender for Office 365
href: safe-attachments-policies-configure.md
- name: Safe Attachments for SharePoint, OneDrive, and Microsoft Teams
href: safe-attachments-for-spo-odfb-teams-about.md
- name: Turn on Safe Attachments for SharePoint, OneDrive, and Microsoft Teams
href: safe-attachments-for-spo-odfb-teams-configure.md
- name: Safe Links in Defender for Office 365
items:
- name: Safe Links in Defender for Office 365
href: safe-links-about.md
- name: Set up Safe Links policies in Defender for Office 365
href: safe-links-policies-configure.md
- name: Outbound spam protection in cloud organizations
items:
- name: Outbound spam protection
href: outbound-spam-protection-about.md
- name: Configure outbound spam policies
href: outbound-spam-policies-configure.md
- name: Control automatic external email forwarding
href: outbound-spam-policies-external-email-forwarding.md
- name: Outbound delivery pools
href: outbound-spam-high-risk-delivery-pool-about.md
- name: Restore restricted users
href: outbound-spam-restore-restricted-users.md
- name: Connection filtering in cloud organizations
items:
- name: Configure the connection filtering policy
href: connection-filter-policies-configure.md
- name: Audit log search
items:
- name: Search the audit log
href: audit-log-search-defender-portal.md
- name: Advanced delivery policy
items:
- name: Configure SecOps mailboxes and phishing simulation URLs
href: advanced-delivery-policy-configure.md
- name: Alert policies
items:
- name: Alert policies
href: alert-policies-defender-portal.md
- name: Allow and block
items:
- name: Tenant Allow/Block List
items:
- name: About the Tenant Allow/Block List
href: tenant-allow-block-list-about.md
- name: Allow or block email using the Tenant Allow/Block List
href: tenant-allow-block-list-email-spoof-configure.md
- name: Allow or block files using the Tenant Allow/Block List
href: tenant-allow-block-list-files-configure.md
- name: Allow or block URLs using the Tenant Allow/Block List
href: tenant-allow-block-list-urls-configure.md
- name: Allow or block IPv6 addresses using the Tenant Allow/Block List
href: tenant-allow-block-list-ip-addresses-configure.md
- name: Block domains in Microsoft Teams using the Tenant Allow/Block List
href: tenant-allow-block-list-teams-domains-configure.md
- name: Admin submissions
href: submissions-admin.md
- name: Create block sender lists
href: create-block-sender-lists-in-office-365.md
- name: Create safe sender lists
href: create-safe-sender-lists-in-office-365.md
- name: Attack simulation training in Defender for Office 365
items:
- name: Get started using Attack simulation training
href: attack-simulation-training-get-started.md
- name: Simulate a phishing attack with Attack simulation training
href: attack-simulation-training-simulations.md
- name: Simulation automations in Attack simulation training
href: attack-simulation-training-simulation-automations.md
- name: Payload automations in Attack simulation training
href: attack-simulation-training-payload-automations.md
- name: End-user notifications for Attack simulation training
href: attack-simulation-training-end-user-notifications.md
- name: Login pages in Attack simulation training
href: attack-simulation-training-login-pages.md
- name: Payloads in Attack simulation training
href: attack-simulation-training-payloads.md
- name: Landing pages in Attack simulation training
href: attack-simulation-training-landing-pages.md
- name: Training campaigns in Attack simulation training
href: attack-simulation-training-training-campaigns.md
- name: Training modules in Attack simulation training
href: attack-simulation-training-training-modules.md
- name: Insights and reporting in Attack simulation training
href: attack-simulation-training-insights.md
- name: Global settings in Attack simulation training
href: attack-simulation-training-settings.md
- name: Attack simulation training deployment considerations and FAQ
href: attack-simulation-training-faq.md
- name: Microsoft Teams in Attack simulation training
href: attack-simulation-training-teams.md
- name: Connectors for mail flow
items:
- name: Configure mail flow using connectors
href: /exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/use-connectors-to-configure-mail-flow
- name: Respond to a compromised connector
href: connectors-detect-respond-to-compromise.md
- name: Remove blocked connectors
href: connectors-remove-blocked.md
- name: Delegated administration
items:
- name: Delegated administration FAQ
href: delegated-administration-faq.yml
- name: Exchange mail flow rules (transport rules)
items:
- name: About mail flow rules
href: /exchange/security-and-compliance/mail-flow-rules/mail-flow-rules
- name: Mail flow rule conditions and exceptions
href: /exchange/security-and-compliance/mail-flow-rules/conditions-and-exceptions
- name: Mail flow rule actions
href: /exchange/security-and-compliance/mail-flow-rules/mail-flow-rule-actions
- name: Manage mail flow rules
href: /exchange/security-and-compliance/mail-flow-rules/manage-mail-flow-rules
- name: Mail flow rule configuration best practices
href: /exchange/security-and-compliance/mail-flow-rules/configuration-best-practices
- name: Test mail flow rules
href: /exchange/security-and-compliance/mail-flow-rules/test-mail-flow-rules
- name: Mail flow rule procedures
items:
- name: Mail flow rule procedures
href: /exchange/security-and-compliance/mail-flow-rules/mail-flow-rule-procedures
- name: Use rules to set the SCL
href: /exchange/security-and-compliance/mail-flow-rules/use-rules-to-set-scl
- name: Use rules for attachment blocking scenarios
href: /exchange/security-and-compliance/mail-flow-rules/common-attachment-blocking-scenarios
- name: Use rules to block messages with executable attachments
href: /exchange/security-and-compliance/mail-flow-rules/use-rules-to-block-executable-attachments
- name: Use rules to inspect message attachments
href: /exchange/security-and-compliance/mail-flow-rules/inspect-message-attachments
- name: Use mail flow rules to filter bulk mail
href: /exchange/security-and-compliance/mail-flow-rules/use-rules-to-filter-bulk-mail
- name: Message trace
items:
- name: Message trace
href: message-trace-defender-portal.md
- name: Quarantine
items:
- name: Quarantine
href: quarantine-about.md
- name: Admin quarantine
href: quarantine-admin-manage-messages-files.md
- name: End-user quarantine
href: quarantine-end-user.md
- name: Quarantine policies
href: quarantine-policies.md
- name: Release quarantined messages from shared mailboxes
href: quarantine-shared-mailbox-messages.md
- name: Quarantine notifications
href: quarantine-quarantine-notifications.md
- name: Quarantine FAQ
href: quarantine-faq.yml
- name: Reports
items:
- name: Email security reports
href: reports-email-security.md
- name: Defender for Office 365 reports
href: reports-defender-for-office-365.md
- name: Defender for Office 365 Overview dashboard
href: reports-mdo-email-collaboration-dashboard.md
- name: Safe Documents in Microsoft 365 A5/E5/G5 or Microsoft Defender Suite
href: safe-documents-in-e5-plus-security-about.md
- name: Investigate and Respond
items:
- name: Manage incidents and alerts in Microsoft Defender XDR
href: mdo-sec-ops-manage-incidents-and-alerts.md
- name: How threat investigation and response works
href: office-365-ti.md
- name: Defender for Office 365 SecOps Guide
href: mdo-sec-ops-guide.md
- name: SecOps guide for Teams protection in Defender for Office 365
href: mdo-support-teams-sec-ops-guide.md
- name: Analyze and classify
items:
- name: Campaign Views
href: campaigns.md
- name: Report suspicious messages and files
items:
- name: Report suspicious email or files to Microsoft
href: submissions-report-messages-files-to-microsoft.md
- name: Admin submissions
href: submissions-admin.md
- name: Transition from the Report Message and Report Phishing add-ins
href: submissions-users-report-message-add-in-configure.md
- name: Report phishing and suspicious emails in Outlook for admins
href: submissions-outlook-report-messages.md
- name: User reported settings
href: submissions-user-reported-messages-custom-mailbox.md
- name: User reported message settings in Teams
href: submissions-teams.md
- name: Submit malware and non-malware to Microsoft
href: submissions-submit-files-to-microsoft.md
- name: Admin review for user reported messages
href: submissions-admin-review-user-reported-messages.md
- name: Submission result definitions
href: submissions-result-definitions.md
- name: Threat Explorer and real-time detections
items:
- name: About Threat Explorer and Real-time detections
href: threat-explorer-real-time-detections-about.md
- name: Threat hunting in Threat Explorer and Real-time detections
href: threat-explorer-threat-hunting.md
- name: Email security with Threat Explorer and Real-time detections
href: threat-explorer-email-security.md
- name: Investigate delivered malicious email with Threat Explorer and Real-time detections
href: threat-explorer-investigate-delivered-malicious-email.md
- name: Email entity page
href: mdo-email-entity-page.md
- name: Teams message entity panel
href: teams-message-entity-panel.md
- name: Insights
items:
- name: Bulk senders insight
href: anti-spam-bulk-senders-insight.md
- name: Spoof intelligence insight
href: anti-spoofing-spoof-intelligence.md
- name: Impersonation insight
href: anti-phishing-mdo-impersonation-insight.md
- name: Search the audit log
href: audit-log-search-defender-portal.md
- name: Reports
items:
- name: Email security reports
href: reports-email-security.md
- name: Defender for Office 365 reports
href: reports-defender-for-office-365.md
- name: Message trace
items:
- name: Message trace
href: message-trace-defender-portal.md
- name: Threat Trackers
items:
- name: Threat trackers
href: threat-trackers.md
- name: SIEM server integration
items:
- name: SIEM server integration
href: siem-server-integration.md
- name: SIEM threat intelligence integration
href: siem-integration-with-office-365-ti.md
- name: Respond and remediate
items:
- name: Responding to a Compromised Email Account in Office 365
href: responding-to-a-compromised-email-account.md
- name: Remediate malicious email
href: remediate-malicious-email-delivered-office-365.md
- name: Automated Investigation and Response (AIR)
items:
- name: AIR overview and permissions
items:
- name: AIR overview
href: air-about.md
- name: AIR examples
href: air-examples.md
- name: Review and approve (or reject) pending actions
href: air-review-approve-pending-completed-actions.md
- name: Manage false positives and false negatives in AIR
href: air-report-false-positives-negatives.md
- name: View details and results of an automated investigation
href: air-view-investigation-results.md
- name: Automatic user notifications for user reported phishing results
href: air-user-automatic-feedback-response.md
- name: Remediation in AIR
items:
- name: Remediation actions
href: air-remediation-actions.md
- name: Review and approve (or reject) pending actions
href: air-review-approve-pending-completed-actions.md
- name: Automated remediation in AIR
href: air-auto-remediation.md
- name: Detect and address compromised user accounts in AIR
href: address-compromised-users-quickly.md
- name: Integrate AIR with a custom solution or non-Microsoft solution
href: air-custom-reporting.md
- name: Email analysis in investigations
href: email-analysis-investigations.md
- name: Detect and Remediate Illicit Consent Grants in Office 365
href: detect-and-remediate-illicit-consent-grants.md
- name: Detect and Remediate Outlook Rules and Custom Forms Injections Attacks in Office 365
href: detect-and-remediate-outlook-rules-forms-attack.md
- name: Reference
items:
- name: Anti-spam message headers
href: message-headers-eop-mdo.md
- name: Application Guard for Office
href: app-guard-for-office-install.md
- name: Data retention in Defender for Office 365
href: mdo-data-retention.md
- name: Privacy in Defender for Office 365
href: mdo-privacy.md
- name: Defender for Office 365 ICES Vendor Ecosystem integration guide
href: mdo-ices-vendor-ecosystem.md
- name: External email senders - Microsoft 365 resources
items:
- name: Microsoft 365 services for external email senders
href: external-senders-microsoft-365-services.md
- name: External senders - Troubleshooting email sent to Microsoft 365
href: external-senders-mail-flow-troubleshooting.md
- name: External senders - Remove yourself from the blocked senders list
href: external-senders-use-the-delist-portal-to-unblock-yourself.md
- name: Policies, practices, and guidelines
href: external-senders-policies-practices-guidelines.md
- name: Privileged identity management in Defender for Office 365
href: pim-in-mdo-configure.md
- name: Microsoft Defender XDR docs
items:
- name: Microsoft Defender XDR
href: /defender
- name: Defender for Endpoint
href: /defender-endpoint
- name: Defender for Identity
href: /defender-for-identity
- name: Defender for Cloud Apps
href: /cloud-app-security
- name: Defender for Business
href: /defender-business
- name: Defender Vulnerability Management
href: /defender-vulnerability-management
- name: Step-by-step guides
items:
- name: Microsoft Defender for Office 365 step-by-step guides and how to use them
href: step-by-step-guides/step-by-step-guide-overview.md
- name: Configure
items:
- name: Getting started with defense in-depth configuration for email security
href: step-by-step-guides/defense-in-depth-guide.md
- name: Tune Microsoft Defender for Office 365
href: step-by-step-guides/tune-microsoft-defender-for-office-365.md
- name: How to configure quarantine permissions and policies
href: step-by-step-guides/how-to-configure-quarantine-permissions-with-quarantine-policies.md
- name: Set up steps for the Standard or Strict preset security policies in Microsoft Defender for Office 365
href: step-by-step-guides/ensuring-you-always-have-the-optimal-security-controls-with-preset-security-policies.md
- name: Reduce the attack surface for Microsoft Teams
href: step-by-step-guides/reducing-attack-surface-in-microsoft-teams.md
- name: Connect Microsoft Defender for Office 365 to Microsoft Sentinel
href: step-by-step-guides/connect-microsoft-defender-for-office-365-to-microsoft-sentinel.md
- name: How to enable DMARC Reporting for Microsoft Online Email Routing Address (MOERA) and parked Domains
href: step-by-step-guides/how-to-enable-dmarc-reporting-for-microsoft-online-email-routing-address-moera-and-parked-domains.md
- name: Use Microsoft Defender for Office 365 in SharePoint
href: step-by-step-guides/utilize-microsoft-defender-for-office-365-in-sharepoint-online.md
- name: Tune bulk email filtering
href: step-by-step-guides/tune-bulk-mail-filtering-walkthrough.md
- name: Use
items:
- name: Track and respond to emerging security threats with campaigns view in Microsoft Defender for Office 365
href: step-by-step-guides/track-and-respond-to-emerging-threats-with-campaigns.md
- name: Set up a digest notification of changes to Microsoft Defender for Office 365 from the message center
href: step-by-step-guides/stay-informed-with-message-center.md
- name: How to prioritize, Manage, Investigate & Respond to Incidents in Microsoft Defender XDR
href: step-by-step-guides/how-to-prioritize-manage-investigate-and-respond-to-incidents-in-microsoft-365-defender.md
- name: How to run attack simulations for your team
href: step-by-step-guides/how-to-run-attack-simulations-for-your-team.md
- name: How to setup automated attacks and training within Attack simulation training
href: step-by-step-guides/how-to-setup-attack-simulation-training-for-automated-attacks-and-training.md
- name: Optimize and correct threat policies with configuration analyzer
href: step-by-step-guides/optimize-and-correct-security-policies-with-configuration-analyzer.md
- name: Protect your c-suite with priority account protection
href: step-by-step-guides/protect-your-c-suite-with-priority-account-protection.md
- name: Search for emails and remediate threats using Threat Explorer in Microsoft Defender XDR
href: step-by-step-guides/search-for-emails-and-remediate-threats.md
- name: How to prioritize and manage Automated Investigations and Response (AIR)
href: step-by-step-guides/how-to-prioritize-and-manage-automated-investigations-and-response-air.md
- name: Add Advanced Hunting community queries to Microsoft Defender XDR and Microsoft Sentinel
href: step-by-step-guides/add-advanced-hunting-community-queries.md
- name: Diagnose
items:
- name: Understanding overrides within the email entity page in Microsoft Defender
for Office 365
href: ./step-by-step-guides/understand-overrides-in-email-entity.md
- name: (False Negatives) How to handle malicious emails that are delivered to recipients using Microsoft Defender for Office 365
href: step-by-step-guides/how-to-handle-false-negatives-in-microsoft-defender-for-office-365.md
- name: (False Positives) How to handle legitimate emails getting blocked from delivery using Microsoft Defender for Office 365
href: step-by-step-guides/how-to-handle-false-positives-in-microsoft-defender-for-office-365.md
- name: Understanding detection technology in the email entity page of Microsoft Defender for Office 365
href: step-by-step-guides/understand-detection-technology-in-email-entity.md
- name: Assess the impact of security configuration changes with Explorer
href: step-by-step-guides/assess-the-impact-of-security-configuration-changes-with-explorer.md
- name: Review and remove unnecessary allow list entries with Advanced Hunting in Microsoft Defender for Office 365
href: step-by-step-guides/review-allow-entries.md