Microsoft is developing a new feature called “Auto-Investigation with threat playbooks” for its Office 365 E5 bundle for enterprises.
The feature was included in the Office 365 roadmap on October 10, but it has now received an extra entry tagged with “GCC”, which most probably indicates that the feature will also be part of Microsoft’s Office 365 Government GCC offering (.DOC) of “cloud productivity services designed for the United States government and government contractors.”
Microsoft offers extra personnel screening, data residency, and compliance accreditation commitments through its GCC offering to meet the particular requirements of US Government customers.
It provides Office 365 services with additional guarantees regarding compliance accreditations, personnel screening, and data residency to meet the unique requirements of US Government customers.
Threat playbooks to be part of Office 365 Threat Explorer
Office 365 E5 includes well-known Office tools such as Word, Excel, PowerPoint, Outlook, SharePoint, OneNote, Publisher, OneDrive, Microsoft Teams, and Access, as well as online services ranging from Online Meetings and Audio Conferencing to Threat intelligence and Advanced security.
As part of the Threat Intelligence service, which provides “a collection of insights and information available in the Office 365 Security & Compliance Center,” Microsoft includes the Threat Explorer, a tool designed to help users analyze threats and see the exact number of attacks over time.
With the help of the Threat Explorer tool, Office 365 users are also able to “analyze data by threat families, attacker infrastructure, and more. The Threat Explorer is the starting place for any security analyst’s investigation workflow.”
If your organization has Office 365 Threat Intelligence, and you have the necessary permissions, you can use Explorer to identify and analyze threats. For example, you can identify and delete malicious email that was delivered, or see malware that was caught by Office 365 security features.
According to Microsoft’s Threat Intelligence documentation page, to “view and use this report, in the Security & Compliance Center, go to Threat management > Explorer.”
New feature to be released during Q2 CY2019
The Threat Explorer is where the “threat playbooks” will come into play when implemented, allowing users to initiate automated threat investigations.
Auto-investigation capabilities for threats will be available in Office 365 E5. Key threat playbooks will also be available at this time.
The ability to trigger automated investigations using the playbooks from Threat Explorer will also go live.
The new, still-in-development “Auto-Investigation with threat playbooks” feature was added to the Office 365 roadmap on January 7, and it will be released sometime during Q2 CY2019.