This demo introduces Advanced hunting in Microsoft 365 Defender as the place you go when you need answers that dashboards can't give you yet. It frames hunting as proactive investigation: querying raw telemetry across endpoints, identity, email, cloud apps, and more. It then walks through the Advanced hunting experience: choosing from the built-in schemas and tables, writing KQL queries, and iterating quickly in the results grid. The video highlights common analyst moves such as filtering by time window, pivoting from entities and incident evidence into hunts, and using query results to scope an investigation, validate hypotheses, and uncover related activity that may not have been surfaced as an incident.
We produced this as an on-ramp that makes hunting feel approachable rather than intimidating. Preproduction shaped the story around how analysts actually work (start broad, refine, follow the evidence), production captured clean screens with steady, plain-English narration, and post kept the pace brisk while still letting key concepts land. Final delivery includes closed captions, audio description, and thumbnails.