This guide will allow an administrator to determine if the URL that was identified to be potentially malicious but was still handled by the user regardless of the warning is either a false positive or a potential indicator of compromise.
- Navigate to the Explorer – Office 365 Defender portal, verify that the URL Clicks tab is selected. Utilizing the supplied fields for applying filters, specify the necessary drop downs to reflect Recipients, Equals Any Of, and lastly supply the User Address that was designated within the generated A user clicked through to a potentially malicious URL alert. Hitting Enter will propagate a list of URLs click actions that have been carried out by the designated user, here you will be able to analyze URLs that could house malicious content.
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.