https://letsautomate.it/tags/powershell/ Recent content in Powershell on Lets Automate It Hugo en-us Thu, 18 Jul 2019 14:37:17 -0500 https://letsautomate.it/article/microsoft-defender-advanced-threat-detection-queries/ Thu, 18 Jul 2019 14:37:17 -0500 https://letsautomate.it/article/microsoft-defender-advanced-threat-detection-queries/ <p>Recently, I <a href="https://twitter.com/MSAdministrator/status/1145778141127991302?s=20">shared on Twitter</a> how you could run a query to detect if a user has clicked on a link within their Outlook using Microsoft Defender Advanced Threat Protection (MDATP). If you are not familiar, MDATP is available within your Microsoft 365 E5 license and is an enhancement to the traditional Windows Defender you might be used to.</p> <h1 id="what-is-microsoft-defender-advanced-threat-protection">What is Microsoft Defender Advanced Threat Protection?</h1> <p><a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection">Microsoft</a> says that “Microsoft Defender Advanced Threat Protection is a platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.” MDATP offers quite a few endpoints that you can leverage in both incident response and threat hunting.</p>