{"id":12700,"date":"2025-09-04T09:01:40","date_gmt":"2025-09-04T00:01:40","guid":{"rendered":"https:\/\/m365jp.net\/?p=12700"},"modified":"2025-09-04T09:12:41","modified_gmt":"2025-09-04T00:12:41","slug":"mc1147387-microsoft-defender-for-office-365-alert-experience-enhancements-for-faster-triage","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2025-09-04-mc1147387-microsoft-defender-for-office-365-alert-experience-enhancements-for-faster-triage","title":{"rendered":"MC1147387 | Microsoft Defender for Office 365: Alert experience enhancements for faster triage"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1147387 | Microsoft Defender for Office 365: Alert experience enhancements for faster triage<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>stayInformed<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>09\/03\/2025 23:25:12<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>09\/03\/2025 23:24:58<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>01\/31\/2026 08:00:00<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<p><b>Introduction<\/b><\/p>\n<p>We\u2019re improving the alert experience in Microsoft Defender for Office 365 (MDO) to help security teams triage alerts more efficiently. These updates reduce alert fatigue by consolidating related signals into single, richer alerts\u2015without compromising detection   fidelity or coverage.<\/p>\n<p>  <b>When this will happen<\/b>  <\/p>\n<p>General Availability (Worldwide, GCC, GCC High, DoD): Rollout begins mid-September 2025 and will complete by late November 2025. 
Updates will be delivered incrementally during this period.<\/p>\n<p><b>How this affects your organization<\/b><\/p>\n<ul>\n<li><b>Fewer near-duplicate alerts:<\/b> Closely related signals will be grouped, reducing clutter in the alert list.<\/li>\n<li><b>Richer alert detail: <\/b>Alerts will include impacted entities (e.g., users, recipients), key identifiers (e.g., message\/network IDs), and timelines. Evidence such as URLs, attachments, and IPs remains accessible.<\/li>\n<li><b>Preserved triage workflows: <\/b>Existing pivots like <i>Open message in Explorer<\/i>, <i>View timeline<\/i>, and <i>List impacted entities<\/i> remain unchanged. Severity and categorization are unaffected.<\/li>\n<li><b>Incident correlation: <\/b>Incidents may contain fewer child alerts but with denser evidence per alert.<\/li>\n<li><b>APIs and reporting:<\/b> No schema changes. You may observe lower raw alert counts with higher per-alert density. 
Dashboards and automation referencing alert IDs will continue to function.<\/li>\n<\/ul>\n<p>This feature is on by default and requires no configuration changes.<\/p>\n<p><b>What you can do to prepare<\/b><\/p>\n<ul>\n<li><b>Review automation logic:<\/b> Ensure playbooks and scripts can handle alerts with multiple entities and richer context.<\/li>\n<li><b>Review alert metrics: <\/b>If you track alert counts, consider also measuring how many users or messages are included in each alert, what actions are taken, and how long it takes to respond and resolve (mean time to acknowledge and mean time to resolve).<\/li>\n<li><b>Communicate with SecOps teams: <\/b>Set expectations around reduced alert volume with maintained evidence depth.<\/li>\n<\/ul>\n<p>No policy or configuration changes are required before rollout.<\/p>\n<p><b>Compliance considerations<\/b><\/p>\n<p>No compliance considerations identified, review as appropriate for your organization.  
<\/p>\n<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1147387 | Microsoft Defender for Office 365: Alert experience 
enhancements for faster triage Classification  [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-12700","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/12700","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=12700"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/12700\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=12700"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=12700"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=12700"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}