{"id":12393,"date":"2025-07-30T01:01:26","date_gmt":"2025-07-29T16:01:26","guid":{"rendered":"https:\/\/m365jp.net\/?p=12393"},"modified":"2025-07-30T01:02:23","modified_gmt":"2025-07-29T16:02:23","slug":"mc1088729-updated-microsoft-defender-for-office-365-two-new-data-tables-in-advanced-hunting-preview","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2025-07-30-mc1088729-updated-microsoft-defender-for-office-365-two-new-data-tables-in-advanced-hunting-preview","title":{"rendered":"MC1088729 | (Updated) Microsoft Defender for Office 365: Two new data tables in Advanced hunting (preview)"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1088729 | (Updated) Microsoft Defender for Office 365: Two new data tables in Advanced hunting (preview)<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>stayInformed<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>07\/29\/2025 15:23:42<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>06\/05\/2025 23:43:06<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>10\/06\/2025 07:00:00<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<p>Updated July 29, 2025: We have updated the timeline. Thank you for your patience.<\/p>\n<p>Coming soon for Microsoft Defender for Office 365: We are excited to announce the new CampaignInfo and FileMaliciousContentInfo data tables in Advanced hunting under  <i>Email &amp; collaboration schema<\/i>.  <\/p>\n<p>[When this will happen:]  <\/p>\n<p>  <\/p>\n<p>Public Preview: We will begin rolling out early June 2025 and expect to complete by late June 2025.<\/p>\n<p>General Availability (Worldwide, GCC, GCC High, DoD): We will begin rolling out early July 2025 and expect to complete by late August 2025 (previously late July).<\/p>\n<p>[How this will affect your organization:]<\/p>\n<p>The new tables will be available by default. 
SOC teams will be able to see two new data tables in Defender &gt;  <i>Advanced hunting &gt; Email &amp; collaboration schema.<\/i><\/p>\n<p>1. CampaignInfo<\/p>\n<p>The CampaignInfo table in the Advanced hunting schema contains information about email campaigns identified by Defender for Office 365. The table will have this schema to help the security teams to investigate threats targeting their users and organization:    <\/p>\n<p><img decoding=\"async\" style=\"width: 400px;\" alt=\"admin controls\" src=\"https:\/\/cxcs.microsoft.net\/file\/ccp\/en-us\/047abf98-ef74-4f81-a0d3-81c8c421bca5\">  <\/p>\n<p>2. FileMaliciousContentInfo<\/p>\n<p>The FileMaliciousContentInfo table in the Advanced hunting schema contains information about files that were identified as malicious by Defender for Office 365 in Microsoft SharePoint Online, Microsoft OneDrive, and Microsoft Teams. The table will have this   schema to help the security teams to investigate threats targeting their users and organization:    <\/p>\n<p><img decoding=\"async\" style=\"width: 400px;\" alt=\"admin controls\" src=\"https:\/\/cxcs.microsoft.net\/file\/ccp\/en-us\/6d5f9803-4165-4ad0-83ab-de4d42b2ad30\">  <\/p>\n<p>Here are a few sample queries to get you started:  <\/p>\n<p><code>\/\/Emails sent as part of phishing campaigns <br \/>  <\/code><\/p>\n<p><code>CampaignInfo <br \/>  <\/code><\/p>\n<p><code>| where Timestamp &gt; ago(7d) <br \/>  <\/code><\/p>\n<p><code>| where CampaignType has \"Phish\" <br \/>  <\/code><\/p>\n<p><code>| project NetworkMessageId, RecipientEmailAddress, CampaignName, CampaignId, CampaignType  <br \/>  <\/code><\/p>\n<p><code>| join (EmailEvents | where Timestamp &gt; ago(7d)) on NetworkMessageId, RecipientEmailAddress  <br \/>  <\/code><\/p>\n<p><code>| project Timestamp, NetworkMessageId, Subject, SenderMailFromAddress, RecipientEmailAddress, LatestDeliveryLocation, LatestDeliveryAction, CampaignId, CampaignName, CampaignType<\/code><\/p>\n<p><code><br \/>  
<\/code><\/p>\n<p><code>\/\/Files identified as Malware modified in last 1 day<br \/>  <\/code><\/p>\n<p><code>FileMaliciousContentInfo<\/code>  <\/p>\n<p><code>| where ThreatTypes == \"Malware\"<br \/>  <\/code><\/p>\n<p><code>| where LastModifiedTime &gt; ago(1d)<\/code><\/p>\n<p><code><br \/>  <\/code><\/p>\n<p>[What you need to do to prepare:]<\/p>\n<p>This rollout will happen automatically by the specified dates with no admin action required before the rollout. Review your current configuration to assess the impact on your organization. You may want to notify your users about this change and update your   relevant documentation.<\/p>\n<p>After the Public Preview rollout, we will update this post with new documentation.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1088729 | (Updated) Microsoft Defender for Office 365: Two new data tables in Advanced hunting (preview) Cla 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-12393","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/12393","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=12393"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/12393\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=12393"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=12393"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=12393"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}