Announcement ID | MC794815 | Published Date | 05-21-2024 | |
Service | Microsoft365Defender | Last Updated | 08-15-2024 | |
Category | Stay informed | Expiration Date | 10-21-2024 | |
Roadmap ID | Action Required by Date | |||
Tags | Admin impact, Feature update |
Summary |
---|
Microsoft Defender XDR is introducing Sender's copy clean-up features to enhance email remediation. This includes integration with Soft delete, wide support across platforms, and an undo capability. It applies to intra-organization and outbound emails, with a rollout expected from end of May to early September 2024. Admins will have improved management of Sent items with no action required before the rollout. |
More Information |
---|
Coming soon to Microsoft Defender XDR: We will enhance email remediation capabilities with new Sender's copy clean-up features in Threat Explorer, email entity, Summary Panel, and Advanced hunting. These new features will streamline the process of managing Sent items, particularly for admins who use Soft delete and Move to inbox actions. Key Features
Note: Sender's copy clean-up will apply to intra-organization emails and outbound emails, ensuring that only the sender's copy is soft deleted for these emails and inbound messages are out of scope. When this will happen:General Availability (Worldwide): We will begin rolling out end of May 2024 and expect to complete by early September 2024 (previously late July). How this will affect your organization:Before this rollout, admins did not have a way to remove harmful emails from a sender's Sent items. After rollout: This step-by-step scenario explains the functionality of Sender's copy clean-up: You as the admin have already investigated in Threat Explorer, email entity, or Advanced hunting and have selected entities to remediate. 1. Create remediation: After your entity selection, you choose an action and create the remediation. For the Soft delete action, these items will be visible in the Take action wizard:
2. As the remediation begins: the approval ID to track the action is displayed (Note: This is the same as before the rollout.) 3. Track the remediation status: The Unified Action Center (Actions & submissions > Action center > History) contains all the approved actions. You can open any manual remediation action entry in Action center to:
4. Undo sent items: The undo capability ensures that you have greater control and flexibility when managing email remediation, providing a safety net for actions taken in error or needing revision. Select the checkbox for Move to Inbox to trigger undo for the recipient copy and previously deleted sender's copy of a message. From Advanced hunting: The Delete sender's copy option under Delete email > Soft delete: From Threat Explorer: The Delete sender's copy option under Move to mailbox folder > Soft delete: From Threat Explorer: The Undo sender's copy option under Move to mailbox folder > Inbox: What you need to do to prepare:This rollout will happen automatically by the specified date with no admin action required before the rollout. You may want to notify your admins about this change and update any relevant documentation as appropriate. |