Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
Similar to the The Email summary panel for email messages, Microsoft 365 organizations that have Microsoft Defender for Office 365 Plan 2 (add-on licenses or included in subscriptions like Microsoft 365 E5) have the Microsoft Teams message entity panel in the Microsoft Defender portal. The Teams message entity panel is a details flyout includes all Microsoft Teams data about suspicious or malicious chats, channels, and group chats on a single, actionable panel.
This article explains the information and actions on the Teams message entity panel.
Permissions and licensing for the Teams message entity panel
To use the Email entity page, you need to be assigned permissions. You have the following options:
Microsoft Entra permissions: Membership these roles gives users the required permissions and permissions for other features in Microsoft 365:
Full access: Membership in the Global Administrator* or Security Administrator roles.
Read-only access: Membership in the Global Reader or Security Reader roles.
Važno
* Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
Where to find the Teams message entity panel
There are no direct links to the Teams message entity panel from the top levels of the Defender portal. Instead, the Teams message entity panel is available in the following locations:
From the Quarantine page at https://security.microsoft.com/quarantine: Select the Teams message tab > select an entry by clicking anywhere in the row other than the check box. The details flyout that opens is the Teams message entity panel.
Select the Teams messages tab > select an entry by clicking anywhere in the row other than the check box.
Select the User reported tab > select a Teams entry by clicking anywhere in the row other than the check box. You can filter the entries by selecting Filter > Message type > Teams. The details flyout that opens is the Teams message entity panel.
What's on the Teams message entity panel
The following information is available at the top of the Teams message entity panel:
The title of the flyout is the subject or the first 100 characters of the Teams message.
The current message verdict.
The number of links in the message.
The actions that are available at the top of the flyout depend on where you opened the Teams message entity panel.
Savjet
To see details about other Teams messages without leaving the Email summary panel of the current message, use Previous item and Next item at the top of the flyout.
The next sections in the Teams message entity panel depend on where you opened it:
The rest of the Teams message entity panel contains the following information, regardless of where you opened it:
Message details section:
Threats
Message location
Sender address
Time received
Detection tech
Teams message ID: You can use this value as an identifier of a Teams message in Defender for Office 365.
Sender section:
The sender's name and email address
Domain
External: The value Yes indicates the message was sent between an internal user and an external user.
One of the following sections, depending on whether the message if from a chat or a channel:
Chat: The Participants section:
Conversation type
Chat name
Name and email: Contains the name and email addresses of all of the participants (including the sender). If there are more than 10 participants, it also links to a secondary panel that lists all the participants in the chat at the time of the suspected threat.
Channel: The Channel details section:
Conversation type
Conversation name: Contains the name of the channel.
Name and email: Contains the name and address of the channel.
URLs section:
Name and type Contains the URL from the Teams message.
Threat
If the message has more than 10 URLs, select View all URLs to see all of them.
This module examines how Microsoft Defender for Office 365 extends EOP protection through various tools, including Safe Attachments, Safe Links, spoofed intelligence, spam filtering policies, and the Tenant Allow/Block List.
Demonstrate skills to plan, deploy, configure, and manage Microsoft Teams to focus on efficient and effective collaboration and communication in a Microsoft 365 environment.
Learn how to speed up the process of detecting and addressing compromised user accounts with automated investigation and response capabilities in Microsoft Defender for Office 365 Plan 2.
Filter > Message type > Teams. The details flyout that opens is the Teams message entity panel.
Previous item and Next item at the top of the flyout.