This repository will centralize articles and real-world examples related to Microsoft Defender for Office 365, with a specific focus on Exchange Online and email protection.
Microsoft Defender for Office 365 offers multiple layers of protection to detect, investigate, and respond to threats targeting Exchange Online.
This repository aims to share use cases, hunting queries, investigation scenarios, and technical notes based on real-life experience in production environments.
- Targeted attack protection (phishing, spoofing, malware)
- Threat investigation using Microsoft 365 Defender and Email Entity
- Message headers analysis (SPF, DKIM, DMARC)
- Advanced Hunting (KQL queries focused on email events)
- Email Quarantine & Threat Explorer
- Auto-remediation and manual response workflows
- PowerShell scripts for reporting or investigation
All content in this repository is shared for educational purposes and based on hands-on experience.
Articles will be added progressively as they are written and validated.
This repository is published under the CC BY 4.0 license.