Office 365 gets improved malicious email analysis in August

by Milan Stanojevic
Milan Stanojevic
Milan Stanojevic
Windows & Software Expert
Milan has been enthusiastic about PCs ever since his childhood days, and this led him to take interest in all PC-related technologies. Before joining WindowsReport, he worked as... read more
Affiliate Disclosure
Office 365 malicious email analysis

Microsoft is finally improving the manual threat hunting features available in Office 365 Threat Explorer. The company will release new malicious email analysis tools to all users in August this year.

The newly added functionality will be pretty useful for Office 365 admins. They will get sufficient access to the Threat Explorer. It will allow them to easily analyze malicious emails by downloading them.

Not only this, but Microsoft is also bringing Email timeline and Email Status features as well.

Email timeline

So, Office 365 Threat Explorer will also offer an email timeline. The timeline is helpful in the case when you need to analyze the malicious email based on various events triggered against it.

If Microsoft goes ahead with the plan, the hunting process is going to be a lot simpler and easier. Previously, Office 365 admins had to spend most of their time on analyzing different factors.

This problem will be resolved now. Microsoft explains in the Microsoft 365 roadmap entry:

Timeline view for an email: Email timeline is a new feature underway to make hunting simpler for admins. In case of multiple events occurring on the same email, that would be shown in a timeline view so the admin won’t have to hunt down at different places to understand the email events.

Email Status

Finally, you will now see the emails in two separate columns. These columns will inform you about the delivery status of an email. The first column Delivery action shows that if the email has been blocked, added to junk, replaced and removed by ZAP.

Furthermore, the second column delivery location informs the users about the exact location of any particular email.

We’re going to split the existing delivery status into more accurate values and simpler relatable names to define it. Delivery status is renamed to “Delivery action” and “Delivery location” is another column which is added to indicate the location of an email. There might be events which occur post-delivery of an email, they are captured under the column “Special action”.

Microsoft explains that these options will help the admins to understand the actions against that email. These features will be rolled out in a specific order.

Microsoft plans to release the delivery status feature in the first phase. The Timeline view is scheduled for a release in the second phase.

You should expect the email preview and download option at the end.


This article covers:Topics: