Investigating External Traffic

This guide allows an administrator to verify whether the alert received is genuine or a false positive. If the activity identified is truly malicious, the necessary steps will need to be carried out to prevent a tenant-wide sending block.

  1. Navigate to the Explorer – Office 365 Defender portal and verify that the All Email tab is selected. Using the supplied filter fields, set the drop-downs to Sender Address and Equals Any Of, then supply the User Address that was designated within the generated Suspicious email sending patterns detected alert. Pressing Enter will populate a list of emails sent from the designated user; here you will be able to analyze messages that could fall within the identified suspicious activity.
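If the message list for the flagged user is exported to CSV, a short script can summarize it for triage: share of external recipients, distinct recipients, the most repeated subject, and the busiest hour. This is an added example, not part of the original guide; the column names, addresses and domains are constructed assumptions and must be adapted to the actual export.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample rows, not real data. Column names are assumptions;
# rename them to match the header of your own export.
SAMPLE_EXPORT = """received,sender,recipient,subject
2024-05-01T09:00:05,alice@contoso.example,bob@contoso.example,Q2 budget review
2024-05-01T14:02:11,alice@contoso.example,u1@mailhost.example,Invoice overdue - action required
2024-05-01T14:02:40,alice@contoso.example,u2@othercorp.example,Invoice overdue - action required
2024-05-01T14:03:02,alice@contoso.example,u3@mailhost.example,Invoice overdue - action required
2024-05-01T14:03:30,alice@contoso.example,u4@thirdparty.example,Invoice overdue - action required
"""

def summarize_sender(csv_text, sender, internal_domains):
    """Summarize one sender's outbound mail for alert triage."""
    internal = {d.lower() for d in internal_domains}
    rows = [r for r in csv.DictReader(io.StringIO(csv_text))
            if r["sender"].strip().lower() == sender.lower()]
    recipients, subjects, per_hour = set(), Counter(), Counter()
    external = 0
    for r in rows:
        rcpt = r["recipient"].strip().lower()
        recipients.add(rcpt)
        # Anything outside the tenant's own domains counts as external.
        if rcpt.rpartition("@")[2] not in internal:
            external += 1
        subjects[r["subject"].strip()] += 1
        hour = datetime.fromisoformat(r["received"]).strftime("%Y-%m-%d %H:00")
        per_hour[hour] += 1
    top_subject, top_count = subjects.most_common(1)[0] if subjects else ("", 0)
    peak_hour, peak_count = per_hour.most_common(1)[0] if per_hour else ("", 0)
    return {
        "total": len(rows),
        "external": external,
        "external_ratio": round(external / len(rows), 2) if rows else 0.0,
        "distinct_recipients": len(recipients),
        "top_subject": top_subject,
        "top_subject_count": top_count,
        "peak_hour": peak_hour,
        "peak_hour_count": peak_count,
    }

if __name__ == "__main__":
    report = summarize_sender(SAMPLE_EXPORT, "alice@contoso.example", {"contoso.example"})
    print("\n".join(f"{k}: {v}" for k, v in report.items()))
```

A burst of near-identical subjects sent to many distinct external recipients within one hour is the pattern worth comparing against the user's normal mail before deciding the alert is a false positive.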
