Microsoft Launches 'Threat Tracker' in Office 365 Security Service

A new "Threat Tracker" capability is now generally available in Microsoft's Office 365 Threat Intelligence service, the company announced this week.

Available via Exchange Online and SharePoint Online, the Office 365 Threat Intelligence service is used for security tracking and compliance purposes, providing insights into malware and phishing attempts in e-mail, as well as end user behavior.

Threat Tracker is a new component in the Office 365 Threat Intelligence service, which is accessed through the Office 365 Security and Compliance Center Web portal. Threat Tracker was one of the developments announced during Microsoft's September Ignite event last year, according to this list compiled by Office 365 and Azure consulting firm MessageOps.

The Office 365 Threat Intelligence service has four Threat Tracker views with their own graphical displays. The four views are called "Noteworthy Campaigns," "Trending Campaigns," "Saved Query" and "Tracked Query."

The Noteworthy Campaigns view is an automated monitoring process with remediation capabilities that shows big attacks, such as the Petya and WannaCry malware. The Trending Campaigns view is a tenant-level view of trends classified by malware families, showing "new and targeted threats that are observed in your organization." Organizations can be assured they are being targeted if the "targeting percentage is more than 10 percent," according to the announcement. There's also a Saved Query view for the research that IT pros conduct, as well as a Tracked Query view for selected threats, such as malware and phishing attempts.

Tracked queries will continue to run, in contrast to saved queries, according to a demo explanation by John Engels, a senior program manager at Microsoft, who helped create the Threat Tracker feature. Engels showed off Threat Tracker in this May 30 on-demand Microsoft video (requires sign-up). The demo of Threat Tracker happens about midway through the video.

Microsoft commercially released the Office 365 Threat Intelligence service last year. It's offered via Office 365 Enterprise E5 subscription plans, or the licensing can be purchased as an add-on subscription, according to this Microsoft document. Office 365 Threat Intelligence has other tools besides Threat Tracker, notably its Threat Explorer and Attack Simulator components. The Attack Simulator tool adds a little fun by letting IT pros simulate three different kinds of attack scenarios (phish, brute force and cracking) on end users to discover any potential weaknesses.

During the video, Debraj Ghosh, senior product marketing manager at Microsoft, said that Microsoft is planning to add more attack scenarios to the Attack Simulator tool in "the next few months."

Microsoft's various security products are typically interrelated, making it difficult to figure out which does what. The Office 365 Threat Intelligence service, for instance, works with the Exchange Online Protection service and the Office 365 Advanced Threat Protection service, both of which handle different aspects of security. The underlying technology behind them is the Microsoft Security Graph. This slide from the video outlines that relationship:

Office 365 Threat Intelligence works with Exchange Online Protection and Office 365 Advanced Threat Protection using underlying Microsoft Security Graph technology. (Source: May 30 Microsoft video)

The "graph" term was recently defined by Microsoft as a "cloud-backed data store" that gets assessed using artificial intelligence. The Microsoft Security Graph also gets supplemented by security analysis from the team at the Microsoft Threat Intelligence Center. 

Microsoft uses Office 365 Advanced Threat Protection to find unknown threats, while Office 365 Threat Intelligence is used to get "better visibility into the cybersecurity landscape," according to a description in this Microsoft "IT Showcase" publication.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

