Microsoft 365 Defender: New in Microsoft Defender for Office 365

This video introduces the move of Microsoft Defender for Office 365 into the Microsoft 365 Defender portal, framing it as a major upgrade for investigating and responding to email-based threats. It contrasts Defender for Office 365 Plan 1 protection (email, links, collaboration tools) with Plan 2’s post-breach capabilities (automation, investigation, remediation), then spotlights what gets better in the unified experience: incident-driven investigations that correlate alerts into a single story (with Microsoft citing nearly an 80% reduction in case volume), deeper mailbox and evidence views (malicious email clusters, URLs, files, configurations), and a richer email entity page with authentication/detection details, override visibility, plus email and header previews. It also highlights attachment detonation details (observed files, IPs, URLs, screenshots, behaviors), “Go hunt” pivots into Advanced hunting, standardized investigation pages for automated investigations, and the Action Center for reviewing pending actions, bulk approve/reject, and full action history—including decisions made by automation.

We built this as a product-tour demo that keeps the value crystal clear while still showing the exact places security teams will live: incidents, evidence, email analysis, investigations, action review, and hunting. The screen flow is deliberately choreographed so each feature arrives with context—not as a random click safari—and the edit keeps momentum while letting the key UI details stay readable. The result is a polished walkthrough you can hand to analysts and admins alike: fewer disconnected alerts, faster investigation pivots, and more time spent hunting persistent threats instead of babysitting triage. Final delivery includes closed captions, audio description, and thumbnails.