Learn how to view and analyze actions performed by attackers during an account compromise
Investigating attacker behavior
The Incidents page, here for a single tenant.
An Incident page (Remediation Actions Panel hidden)
The Incident page, with the Remediation Actions Panel hidden.
The Remediation Actions Panel.
The Threat Overview section.
The Attack Timeline section (Full view).
The Activity logs viewer (Exchange tab).