Microsoft Defender for Office 365 New Dashboard to Provide More Details Across a Range of Threat Vectors

Microsoft today announced the rollout of a revamped customer dashboard in Microsoft Defender for Office 365, designed to deliver unprecedented insights across a broad spectrum of attack vectors. 

The new interface gives security teams real-time visibility into threats blocked before delivery, malicious content remediated post-delivery, and even “missed” incidents, all without sacrificing privacy or performance. 

By exposing granular metrics on features such as Safe Links, Safe Attachments, and Zero-hour Auto Purge, the dashboard empowers CISOs and security architects to make data-driven decisions in an environment where transparency is the new currency of trust.

Key Takeaways
1. Microsoft Defender for Office 365 launches enhanced threat visibility dashboard.
2. Real-world performance comparisons of email security solutions released.
3. Ongoing transparent reporting for data-driven security decisions.

Advanced Threat Visibility

The centerpiece of the announcement is the Overview Dashboard, which unifies multiple threat streams into a single view. 

Security operations teams can monitor the volume of phishing URLs neutralized by Safe Links, the count of malicious files quarantined through Safe Attachments, and the number of messages auto-purged at zero-hour actions taken before users even see suspicious content. 

Beyond simply tallying blocked events, the dashboard surfaces dwell times for post-delivery threats, flagging delayed detections so that teams can tune their policies and workflow integrations. 

By charting activity across Exchange Online, Microsoft Teams, SharePoint, and OneDrive, defenders can now correlate spikes in BEC attempts or malware campaigns with broader collaboration trends.

A companion pane breaks down threat categories, Bulk, Spam, and Malicious, and shows how each Defender capability contributes to overall protection. 

Security architects can pivot from high-level statistics into detailed drill-downs, viewing the top sender domains leveraged in recent phishing waves or the file types most commonly weaponized in malware outbreaks. 

The result is not just a dashboard, but a living intelligence center that turns raw telemetry into actionable operational insights.

Benchmarking Reports

Recognizing that many organizations operate layered email defenses, Microsoft also published two benchmarking reports comparing Secure Email Gateways (SEGs) and Integrated Cloud Email Security (ICES) vendors against Defender for Office 365. 

Unlike synthetic evaluations, these studies use real-world threat data aggregated across millions of mailboxes. 

In one scenario, SEGs placed in front of Defender were measured for pre-delivery misses versus Defender’s own pre- and post-delivery standards. 

In another, ICES products invoked via the Microsoft Graph API after Defender for Office 365 scanned messages were assessed for their incremental catch rates.

To illustrate how customers can extract dashboard metrics programmatically, Microsoft provided this PowerShell example using the Microsoft Graph Security API:

The JSON response includes fields such as safeLinks, safeAttachments, and zeroHourAutoPurge, enabling integration with SIEM and SOAR platforms.

The combined power of the new dashboard and ecosystem benchmarks offers a rigorous, transparent basis for evaluating not only Microsoft’s native defenses but also the value added by third-party SEGs and ICES solutions. 

Quarterly updates to both the dashboard metrics and benchmarking reports will keep customers apprised of emerging attack techniques and vendor performance trends.

Boost detection, reduce alert fatigue, accelerate response; all with an interactive sandbox built for security teams -> Try ANY.RUN Now