How Microsoft 365 Defender detect malware on user device, and how to see a detail report about it?

Question

Hi All,

Recently the Microsoft 365 Defender on my tenant has detected some malware activity on some devices, but I have a hard time finding where the detailed report on those activities lies.

For instance, in the picture below, I can only see that there are 2 devices have malware detected, but there is no other information such as which type of malware, where the malware is on the device, how M365 Defender detects them, and if the device is not Intune-enrolled, can the Defender still detect malware.

I hope that someone can give some guidance about this.

Warm regards,
DatTM

PS: I do not know which is the correct tag for this question, so I leave it at windows-10-security.

Answer 1

Hi DatTruongManh-1313

Let’s have a look at the alert dashboard in the portal as shown in the ATTACHED PIC. You can navigate to the alert overview by selecting Incidents & Alerts and then select Alerts. Note that you can also filter alerts for specific products, like Microsoft Defender for Endpoint, with the built-in filtering capability in the portal

Reference:https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/alerts?view=o365-worldwide

If this article helps, please mark this post as helpful.