{"id":13738,"date":"2025-11-12T10:01:05","date_gmt":"2025-11-12T01:01:05","guid":{"rendered":"https:\/\/m365jp.net\/?p=13738"},"modified":"2025-11-12T10:02:21","modified_gmt":"2025-11-12T01:02:21","slug":"mc1184997-microsoft-defender-for-o365-new-email-actions-available-in-advanced-hunting","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2025-11-12-mc1184997-microsoft-defender-for-o365-new-email-actions-available-in-advanced-hunting","title":{"rendered":"MC1184997 | Microsoft Defender for O365: New email actions available in Advanced Hunting"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1184997 | Microsoft Defender for O365: New email actions available in Advanced Hunting<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>stayInformed<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>11\/12\/2025 00:11:12<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>11\/12\/2025 00:11:07<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>12\/10\/2025 08:00:00<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td><b>[Introduction:]<\/b>  <\/p>\n<p>This update introduces <b>new remediation actions<\/b> in <i>Microsoft Defender for O365&nbsp;<\/i>that  <b>can be triggered directly<\/b> from the <b>Advanced Hunting interface<\/b>. 
These actions\u2014previously only available in <i>Threat Explorer<\/i>\u2014include \u201cSubmit to Microsoft\u201d and \u201cInitiate automated investigation.\u201d This enhancement enables security teams to respond to threats more efficiently and programmatically using custom queries, aligning with customer feedback to streamline incident response workflows.<\/p>\n<p><b>[When this will happen:]<\/b><\/p>\n<p>General Availability (Worldwide): We began rolling out this feature on November 10, 2025.<\/p>\n<p><b>[How this affects your organization:]<\/b><\/p>\n<p><i>Who is affected:<\/i><\/p>\n<ul>\n<li>Admins and Security Analysts using Microsoft Defender XDR and Advanced Hunting.<\/li>\n<\/ul>\n<p><i>What will happen:<\/i><\/p>\n<ul>\n<li>New actions will be available directly from Advanced Hunting results:<br \/>\n<ul>\n<li>Submit to Microsoft<\/li>\n<li>Add entries to Tenant allow\/block list<\/li>\n<li>Initiate automated investigation<\/li>\n<\/ul>\n<\/li>\n<li>These actions are <b>enabled automatically<\/b> and <b>available by default<\/b>; they cannot be removed from the user interface.<\/li>\n<li>Existing admin policies are respected; no policy changes are required.<\/li>\n<li>Threat Explorer will continue to be available; both interfaces will coexist.<\/li>\n<\/ul>\n<p><b>[What you can do to prepare:]<\/b><\/p>\n<ul>\n<li>Review and update existing hunting queries and playbooks to incorporate new actions.<\/li>\n<li>Communicate the change to SOC teams and relevant stakeholders.<\/li>\n<li>Provide training or documentation as needed.<\/li>\n<li>If you want to scope access to these actions, use role-based access control (RBAC) in <i>Microsoft Defender XDR<\/i>.\n<ul>\n<li><b>Click path:<\/b> <b><i>Microsoft 365 Defender portal &gt; Settings &gt; Permissions &gt; 
Roles<\/i><\/b><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Learn more:&nbsp;<a href=\"https:\/\/learn.microsoft.com\/defender-xdr\/advanced-hunting-take-action\" target=\"_blank\">Take action on advanced hunting query results in Microsoft Defender XDR &#8211; Microsoft Defender XDR | Microsoft Learn<\/a><\/p>\n<p><b>[Compliance considerations:]<\/b><\/p>\n<p>No compliance considerations identified; review as appropriate for your organization.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1184997 | Microsoft Defender for O365: New email actions available in Advanced Hunting Classification stayIn [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-13738","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/13738","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=13738"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/13738\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=13738"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=13738"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=13738"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}