A user reports receiving a suspicious email that bypassed the spam filter. An analyst opens the Microsoft 365 Defender portal to investigate. Which component provides a detailed entity view of the email including delivery actions, phish simulation details, and campaign information?
Trap 1: Microsoft Defender for Endpoint
Defender for Endpoint provides endpoint detection and response, not email investigation.
Trap 2: Microsoft Defender for Identity
Defender for Identity monitors user activities and identifies lateral movement, not email entities.
Trap 3: Microsoft Defender for Cloud Apps
Defender for Cloud Apps provides visibility into cloud app usage and access policies, not email investigation.
- A
Microsoft Defender for Endpoint
Why wrong: Defender for Endpoint provides endpoint detection and response, not email investigation.
- B
Microsoft Defender for Office 365 (Threat Explorer)
Threat Explorer provides a detailed email entity view including delivery actions, phish simulation, and campaign information.
- C
Microsoft Defender for Identity
Why wrong: Defender for Identity monitors user activities and identifies lateral movement, not email entities.
- D
Microsoft Defender for Cloud Apps
Why wrong: Defender for Cloud Apps provides visibility into cloud app usage and access policies, not email investigation.