Microsoft Defender XDR: Email Hunting Queries Fixed to Reference Correct Connector, Three New Teams/Phish Queries Added

Three email-focused Hunting Queries had a broken connector reference (OfficeATP instead of MicrosoftThreatProtection), suppressing results for orgs using the Defender XDR connector; three new queries covering RMM-via-Teams, alert correlation with Teams messages, and phish-reporter identity are also added. Read More →

Teams Social Engineering Detection: New Hunting Queries for RMM-Based Attacks

Two new hunting queries detect Teams phishing campaigns that lure victims into launching remote access tools, addressing the Storm-1811 / Black Basta cross-tenant attack pattern. Read More →

Microsoft Defender XDR: New Hunting Query for Punycode Lookalike Domain Phishing

Advanced hunting query detects punycode domains using Cyrillic, Greek, and fullwidth ASCII characters to visually impersonate legitimate domains in email and Teams. Read More →

Microsoft Teams Security: 9 Additional Hunting Queries for Advanced Threat Detection

Extended Teams protection hunting coverage with queries for partner impersonation, admin submissions, and external sender analysis. Read More →

Microsoft Teams Security: 7 New Hunting Queries for URL Threat Detection

New hunting queries added to detect malicious URL clicks, ZAP events, and user submissions in Microsoft Teams. Read More →