Microsoft Introduces File Attachment Support in Case Management to Streamline Threat Investigations

Microsoft has announced the public preview of file attachment support in Case Management, a new feature that lets administrators seamlessly upload and organize essential documents directly within a case. This enhancement streamlines investigations by keeping all relevant evidence in one secure, centralized location.

Microsoft Defender Case Management is a built-in feature that allows security teams to manage and investigate threats more effectively. It works like a centralized workspace where security analysts can collect evidence, track progress, assign tasks, and document findings within a case. This service makes it easier to coordinate responses to complex security incidents without switching between multiple tools.

What are the benefits of File Attachments for Case Management?

Microsoft highlighted several benefits of the new file attachment feature in Case Management. It helps security teams stay organized by keeping all documents (such as reports, emails, and screenshots) in one centralized location. This eliminates the need to search through emails or juggle multiple storage systems to find important information.

With file attachments, administrators can organize all case-related material (like contracts, evidence, and client communications) in one place. This centralized documentation makes audits, detailed reviews, and future reference much easier and more efficient.

“Minimize errors and increase confidence in case outcomes by leveraging all relevant information related to a case. Comb over vulnerability assessments, patch documentation, configuration changes, etc., and ensure you have all the context you need about a case,” Microsoft explained.

To add attachments to a case, IT admins simply navigate to the Case Details page and click on the Attachments tab. From there, they can select a file and wait a few seconds for the upload to finish. The file is automatically scanned in the background for malware. Once the scan is complete, anyone with access to the case can download the file.

Microsoft notes that each tenant is provided with 500 GB of storage for case attachments. All files are stored in the same geographic region as the tenant to ensure compliance with data residency requirements. Customers uploading malware samples for investigation must zip and password-protect them; otherwise, unprotected malicious files will be automatically removed by the malware scanner.

Lastly, Microsoft plans to introduce a new feature that will let security teams attach files and screenshots directly within comments on a case. This capability should make it easier to track context, collaborate, and respond faster during investigations.