Sep 30, 2025 · Where to find hunting graph You can find the hunting graph page by going to the left navigation bar in the Microsoft Defender portal and selecting Investigation & response > …

Sep 9, 2025 · Learn about advanced hunting queries in Microsoft Defender and how to use them to proactively find threats and weaknesses in your network.

May 26, 2025 · Hunting for security threats is a highly customizable activity that is most effective when accomplished across all stages of threat hunting: proactive, reactive, and post incident. …

Aug 1, 2025 · Microsoft Defender Experts for Hunting - Servers is an add-on to Defender Experts for Hunting - XDR, providing proactive threat hunting for hybrid and multicloud servers Our …

2 days ago · Required permissions To take action on devices through advanced hunting, you need a role in Microsoft Defender for Endpoint with permissions to submit remediation actions …

Oct 26, 2025 · Open the Advanced hunting page from the navigation bar in Microsoft Defender portal. The Security Copilot side pane for advanced hunting appears at the right hand side. …

Sep 18, 2025 · Seek assistance from Defender Experts. This document outlines the key infrastructure requirements you must meet and important information on data access and …

Oct 30, 2024 · If you're new to Microsoft Defender XDR and Defender Experts for Hunting, this is how you onboard, receive, and set up Defender experts notifications.

Jun 27, 2025 · Frequently asked questions related to the Microsoft Defender Experts for hunting service

Oct 22, 2024 · Start threat hunting immediately with predefined and shared queries. Share your queries to the public or to your organization.

May 19, 2025 · Learn about threat hunting and remediation in Microsoft Defender for Office 365 using Threat Explorer or Real-time detections in the Microsoft Defender portal.

Jul 1, 2025 · Learn how to use hunts for conducting end-to-end proactive threat hunting. Seek out undetected threats based on hypothesis or start broadly and refine your searches with this …

Mar 28, 2025 · A function is a type of query in advanced hunting that can be used in other queries as if it's a command. You can create your own custom functions so you can reuse any query …

Oct 30, 2025 · While you can construct your advanced hunting queries to return precise information, you can also work with the query results to gain further insight and investigate …

Advanced hunting is a threat-hunting tool that uses specially constructed queries to examine the past 30 days of event data in Microsoft Defender XDR. You can use advanced hunting queries …

Jun 11, 2025 · Learn how to hunt for phishing campaigns and suspicious clicks using the UrlClickEvents table in the advanced hunting schema.

Jun 20, 2025 · The IdentityLogonEvents table in the advanced hunting schema contains information about authentication activities made through your on-premises Active Directory …

Oct 28, 2025 · Advanced hunting in Microsoft Defender multitenant management allows you to proactively hunt for intrusion attempts and breach activity in email, data, devices, and …

Nov 4, 2025 · Use this reference to construct queries that return information from the table. For information on other tables in the advanced hunting schema, see the advanced hunting …

Aug 4, 2025 · Understand various quotas and usage parameters (service limits) that keep the advanced hunting service responsive

Learn to use the advanced hunting API to run advanced queries on Microsoft Defender for Endpoint. Find out about limitations and see an example.