On November 10, 2025, Microsoft rolled out new features in Defender for Office 365 that enable security teams to conduct automated investigations efficiently. Enhanced actions such as ‘Submit to Microsoft’ and ‘Initiate Automated Investigation’ are integrated into Advanced Hunting, streamlining workflows for SOCs. Security teams can now use custom Kusto Query Language (KQL) queries to hunt threats, which reduces the time necessary to manage malicious emails and enhances operational productivity.
This update addresses customer feedback by consolidating threat management tools while ensuring that standard administrative policies are upheld. Organizations are advised to audit their existing queries and adapt their automated response playbooks to take advantage of the new actions. SOC teams should communicate these changes clearly to minimize disruption during rollout. The enhancements also align with the broader trend toward automating investigation and response, enabling faster threat neutralization while retaining the ability to review larger incidents, such as those exceeding 10,000 items.
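As an added illustration (not code from the article or from Microsoft's documentation), the following is the kind of custom Advanced Hunting query the article refers to: it surfaces emails that Defender flagged as phishing or malware but that were still delivered, producing the candidate set an analyst would review before applying the 'Submit to Microsoft' or 'Initiate Automated Investigation' actions. It assumes the standard Defender XDR `EmailEvents` table and its documented columns; the 7-day window, the threat types, and the recipient threshold are constructed values to be tuned per tenant.

```kusto
// Constructed example query (not from the page): flagged-but-delivered mail in the last 7 days.
// Row-level NetworkMessageId and RecipientEmailAddress are kept in the output because
// the email actions in Advanced Hunting key on them (assumption based on the standard schema).
EmailEvents
| where Timestamp > ago(7d)                          // constructed window
| where ThreatTypes has_any ("Phish", "Malware")     // constructed threat filter
| where DeliveryAction == "Delivered"
// Count how many recipients each sender/subject pair reached, to rank likely campaigns first
| summarize Recipients = dcount(RecipientEmailAddress)
    by SenderFromAddress, Subject
| where Recipients >= 3                              // constructed threshold
| join kind=inner (
    EmailEvents
    | where Timestamp > ago(7d)
    | where ThreatTypes has_any ("Phish", "Malware")
    | where DeliveryAction == "Delivered"
    | project Timestamp, NetworkMessageId, RecipientEmailAddress,
              SenderFromAddress, Subject, ThreatTypes, DeliveryLocation
  ) on SenderFromAddress, Subject
| project Timestamp, NetworkMessageId, RecipientEmailAddress,
          SenderFromAddress, Subject, ThreatTypes, DeliveryLocation, Recipients
| order by Recipients desc, Timestamp desc
```

The join is there only so that the ranked output still carries one row per message and recipient; a query that summarizes away `NetworkMessageId` and `RecipientEmailAddress` cannot be used to drive the email actions on its results.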
👉 Read the original: Cyber Security News