Microsoft has launched a URL page for its Microsoft 365 Defender solution. The new page provides a unified hub that lets security teams investigate URLs and domains as well as take remediation actions.
“Whether it’s pivoting to emails, user clicks, or devices associated with URLs and fully qualified domain names (FQDNs), the enhanced functionality of the URL page reduces the need for context switching and ultimately enables faster investigation and response times. If you want to dive deeper into related entities like emails or users, you can seamlessly pivot to the relevant tabs and continue the investigation from there,” Microsoft explained.
Microsoft mentioned that the new page allows administrators to tag and report a particular URL as a malicious, phishing, or clean entity. It’s also possible to add URLs to Defender for Office 365 block list or the Defender for Endpoint indicator list with a single click.
With the URL page, Microsoft 365 Defender customers can gain detailed insights into the reputation and popularity of URLs. This capability provides all the necessary details required to make informed decisions to secure enterprise environments.
How to access the new URL page in Microsoft 365 Defender
Microsoft notes that the URL and domain page is accessible through the Incident attack story tab, the device timeline via advanced hunting, or from the email side panel and page. From there, IT Admins will need to click the “Search” icon and press “Enter” to view details about the URL.
In addition to the URL page, Microsoft 365 Defender has recently added a new security feature that can automatically detect and disrupt “adversary-in-the-middle” (AiTM) attacks. The AiTM protection capability enables organizations to block lateral movement at an early stage. It also helps administrators to investigate and remediate the impact of the security incident.