Investigating Tenant Wide External Traffic

This guide helps an administrator identify the users currently generating the alert tied to suspicious mail patterns and stop the activity before a sending block is placed on the organization.

  1. Navigate to the Explorer – Office 365 Defender portal and verify that the All Email tab is selected. Using the supplied filter fields, set the drop-downs to Sender Domain and Equals Any Of, then supply the Domain Name registered with the tenant. The filter covers the whole domain because this investigation is tied to the Suspicious tenant sending patterns observed alert, which indicates that more than one user is showing signs of compromise. Pressing Enter populates a list of emails sent from all users with the designated tenant domain name; here you can analyze messages that could fall within the identified suspicious activity.
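Once the filtered message list is in hand, ranking senders by external volume shows which accounts to look at first. The script below is an added example, not part of the original guide or the portal: it assumes the list has been saved as CSV with columns named `sender`, `recipient` and `subject` (assumed names, adjust them to the real export), and the sample rows and the `contoso.example` domain are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample rows; the column names are assumptions, not the portal's export schema.
SAMPLE_CSV = """sender,recipient,subject
alice@contoso.example,bob@contoso.example,Weekly sync
alice@contoso.example,vendor@partner.example,Invoice 1041
carol@contoso.example,a1@mail-one.example,Your document is ready
carol@contoso.example,b2@mail-two.example,Your document is ready
carol@contoso.example,c3@mail-three.example,Your document is ready
carol@contoso.example,d4@mail-four.example,Your document is ready
dave@contoso.example,e5@mail-one.example,Your document is ready
dave@contoso.example,f6@mail-five.example,Your document is ready
dave@contoso.example,alice@contoso.example,Lunch?
"""

def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def rank_external_senders(csv_text, tenant_domain):
    """Rank tenant senders by the number of messages sent outside the tenant domain."""
    tenant_domain = tenant_domain.lower()
    stats = defaultdict(lambda: {"external": 0, "domains": set(), "subjects": Counter()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        sender = row["sender"].strip().lower()
        rcpt_domain = domain_of(row["recipient"])
        # Exact domain match only: keep tenant senders, skip internal recipients.
        if domain_of(sender) != tenant_domain or rcpt_domain == tenant_domain:
            continue
        entry = stats[sender]
        entry["external"] += 1
        entry["domains"].add(rcpt_domain)
        entry["subjects"][row["subject"].strip()] += 1
    report = []
    for sender, entry in stats.items():
        # A subject repeated across many external recipients suggests bulk sending.
        subject, repeats = entry["subjects"].most_common(1)[0]
        report.append({"sender": sender, "external": entry["external"],
                       "domains": len(entry["domains"]),
                       "top_subject": subject, "repeats": repeats})
    return sorted(report, key=lambda r: (-r["external"], r["sender"]))

if __name__ == "__main__":
    for line in rank_external_senders(SAMPLE_CSV, "contoso.example"):
        print(line)
```

Senders at the top of the list with many distinct recipient domains and one heavily repeated subject are the accounts to review first.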

Need Assistance?

Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.