Microsoft Defender for O365 New Feature Allows Security Teams to Trigger Automated Investigations

Brownie2019

Microsoft has rolled out enhanced remediation capabilities in Defender for Office 365 (O365), enabling security teams to initiate automated investigations and other actions directly from the Advanced Hunting interface.
This feature, launched on November 10, 2025, empowers admins and analysts to respond to email threats more swiftly without requiring policy modifications.
The new actions (Submit to Microsoft, add entries to the Tenant Allow/Block List, and Initiate Automated Investigation) were previously limited to the Threat Explorer tool but are now integrated into Advanced Hunting.
This allows for programmatic threat hunting using custom Kusto Query Language (KQL) queries, streamlining workflows for security operations centers (SOCs).
By bringing these tools together, Microsoft addresses customer feedback, reducing the time needed to triage and remediate malicious emails.
Full Story:
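As an added example (not from the article or the thread author), here is the kind of Advanced Hunting query a SOC analyst would run to surface the messages those actions apply to: emails from the last seven days that carry a phish or malware verdict yet were still delivered to the inbox. The query keeps NetworkMessageId and RecipientEmailAddress in the output because the email actions in Advanced Hunting key on that pair; the seven-day window, the threat types and the join to EmailUrlInfo are choices for this example, not requirements of the feature.

```kql
// Added example, not part of the original post or Microsoft's documentation.
// Delivered emails from the last 7 days that Defender judged Phish or Malware
// but that still landed in a mailbox folder. NetworkMessageId and
// RecipientEmailAddress are projected because the email actions in
// Advanced Hunting (Submit to Microsoft, Tenant Allow/Block List,
// Initiate Automated Investigation) operate on that message/recipient pair.
let lookback = 7d;                       // assumed window for this example
EmailEvents
| where Timestamp > ago(lookback)
| where ThreatTypes has_any ("Phish", "Malware")
| where LatestDeliveryAction == "Delivered"
    and LatestDeliveryLocation == "Inbox/folder"
// Pull the URL domains seen in each message so the analyst can decide
// whether a Tenant Allow/Block List entry (URL or sender) is warranted.
| join kind=leftouter (
    EmailUrlInfo
    | summarize UrlDomains = make_set(UrlDomain, 10) by NetworkMessageId
  ) on NetworkMessageId
| project Timestamp, NetworkMessageId, RecipientEmailAddress,
          SenderFromAddress, SenderFromDomain, Subject,
          ThreatTypes, DetectionMethods, UrlDomains
| order by Timestamp desc
```

Run it in the Advanced Hunting query editor, select the rows that need remediation, and apply the action from the results view; widen or narrow the ThreatTypes filter and the delivery-location condition to match the triage policy of your own tenant.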
Thanks for the heads-up, Brownie2019.

This is a great move by Microsoft. Integrating remediation actions directly into Advanced Hunting is a big deal for SOC teams. Being able to trigger an investigation or block something right from a KQL query will save a ton of time instead of having to pivot to another tool.

It's good to see them listening to customer feedback and streamlining the workflow.