Microsoft Defender XDR Enhances Threat Hunting

Microsoft has announced the introduction of two new data tables to its Defender XDR advanced hunting capabilities, a significant enhancement to the platform’s threat detection and investigation features.

The CampaignInfo and FileMaliciousContentInfo tables will provide security operations center (SOC) teams with deeper visibility into email-based threats and malicious file activities across Microsoft 365 environments.

New Advanced Hunting Tables

CampaignInfo Table Strengthens Email Campaign Detection

The CampaignInfo table represents a major advancement in email security monitoring, containing comprehensive information about email campaigns identified by Microsoft Defender for Office 365.


This table will integrate seamlessly into the existing Email & collaboration schema within the advanced hunting framework, providing security teams with detailed insights into coordinated email attack campaigns.

The new table will enable SOC analysts to investigate threats more effectively by providing campaign-specific data, including unique campaign identifiers, campaign names, types, and associated network message IDs.

Security teams will be able to correlate email events with campaign data to understand the scope and impact of coordinated attacks targeting their organizations.
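As an added illustration of that correlation (not a query from the announcement), the KQL below joins campaign metadata onto EmailEvents by network message ID and summarises the reach of each campaign; the CampaignInfo column names used here (CampaignId, CampaignName, CampaignType, NetworkMessageId) are assumed from the fields the article lists and should be checked against the schema reference in your tenant.

```kql
// Scope each email campaign seen in the last 7 days: how many messages,
// how many distinct recipients, which senders, and how many were delivered.
// CampaignInfo column names are assumed from the article's description;
// EmailEvents columns are the standard Email & collaboration schema.
let lookback = 7d;
CampaignInfo
| where Timestamp > ago(lookback)
| join kind=inner (
    EmailEvents
    | where Timestamp > ago(lookback)
    | project NetworkMessageId, RecipientEmailAddress, SenderFromAddress,
              Subject, DeliveryAction, DeliveryLocation, ThreatTypes
) on NetworkMessageId
| summarize
    Messages   = count(),
    Recipients = dcount(RecipientEmailAddress),
    Senders    = make_set(SenderFromAddress, 10),
    Subjects   = make_set(Subject, 5),
    Delivered  = countif(DeliveryAction == "Delivered"),
    FirstSeen  = min(Timestamp),
    LastSeen   = max(Timestamp)
  by CampaignId, CampaignName, CampaignType
// Campaigns with at least one delivered message are the ones still in mailboxes.
| where Delivered > 0
| order by Delivered desc, Messages desc
```

Campaigns that surface at the top of this list are candidates for mailbox-level remediation and for an inbound mail flow review of the senders in the Senders set.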

FileMaliciousContentInfo Table Addresses Cloud File Threats

The FileMaliciousContentInfo table focuses on malicious file detection across Microsoft’s cloud collaboration platforms, including SharePoint Online, OneDrive, and Microsoft Teams.

This addition addresses the growing need for comprehensive file-based threat monitoring in hybrid work environments where cloud file sharing has become essential.

This table will help security teams investigate file-based threats by providing detailed information about files identified as malicious by Defender for Office 365 across the Microsoft 365 ecosystem.

The enhanced visibility will enable faster response times and more comprehensive threat investigations when dealing with malicious content in cloud storage and collaboration platforms.

Microsoft has outlined a phased rollout schedule for these new capabilities. The Public Preview phase will commence in early June 2025, with completion expected by late June 2025.

Following the preview period, General Availability is planned for early July 2025, with worldwide deployment expected to be completed by late July 2025.

The rollout will include all Microsoft cloud environments, encompassing Worldwide, Government Community Cloud (GCC), GCC High, and Department of Defense (DoD) deployments.

These new tables will be available by default, requiring no administrative action to enable them. SOC teams will immediately gain access to the enhanced threat hunting capabilities through the familiar advanced hunting interface.

The addition supports Microsoft’s broader strategy of providing comprehensive threat visibility across the Microsoft 365 security ecosystem.

Advanced hunting serves as a critical component of modern threat detection, allowing security teams to proactively inspect up to 30 days of raw data to locate threat indicators and entities.

The new tables expand this capability specifically for email campaign analysis and cloud file threat investigation.

These enhancements reinforce Microsoft Defender XDR’s position as a comprehensive threat hunting platform, joining existing tables that cover endpoint, identity, and cloud application security events.

The integration ensures security teams can maintain a unified approach to threat investigation across all Microsoft 365 workloads.


Guru Baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.