The Microsoft 365 commercial support team resolves customer support cases and provides support to help you be successful and realize the full potential and value of your purchase. Our support services extend across the entire lifecycle and include pre-sales, onboarding and deployment, usage and management, accounts and billing, and break-fix support. We also spend a considerable amount of time working to improve the supportability of Microsoft 365 services to reduce the number of issues you experience as well as minimize the effort and time it takes to resolve your issues if they do occur.
We’re excited to welcome one of our Microsoft 365 Supportability team members to talk more about working with Microsoft Defender for Office 365.
Brian: Welcome Alex! Let’s start with a quick introduction. Tell us a little about your role in the CSS Modern Work Supportability team and what you’re working on these days.
Alex: I work as a Supportability Program Manager focused on Microsoft Defender for Office 365. I commonly liaise between our partners in engineering and support, for example, during the planning and release cycles. I review analytics to find key areas for improvement and share feedback with both organizations, optimize in-product self-help for our customers, and organize any material our support organization needs to be successful.
Brian: Keeping their organizations safe and protected is definitely a top priority for many of our customers. What are some of the different scenarios that Microsoft Defender for Office 365 addresses and what are some of the common questions that the support team receives?
Alex: Microsoft Defender for Office 365 (MDO) boosts productivity, simplifies administration, helps prevent and remediate advanced threats, raises employee threat awareness, and keeps a secure posture.
It is part of Microsoft 365 Defender, a security solution which automatically correlates and analyzes threats across many workloads. With 65 trillion signals synthesized daily and 37 billion email threats blocked last year alone, it leverages artificial intelligence (AI) to automatically stop attacks and remediate affected assets into a safe state.
Most common support questions are around onboarding and customizing Anti-Phishing, Safe Links or Safe Attachments policies, integrating email with industry authentication standards, such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC), and questions around detection effectiveness and improvement.
Brian: It sounds like you spend a lot of time working on self-help solutions for MDO and ways customers can quickly help themselves without having to contact support. What are some of the key considerations and things you think about when building solutions?
Alex: There are a lot of things I factor in when developing self-help assets. Here are a few of the key questions I think about:
- Who is the target audience of this information? Our solutions are written for a wide range of customers, from novice administrators onboarding to Office 365 to manage their Small or Medium Business (SMB) to advanced Security Operations (SecOps) teams.
- What are the top support queries in this area? Real-world questions and potential issues with the MDO service are analyzed by artificial intelligence (AI) and human intelligence (HI), split into categories by issue type or product functionality. Then, solutions and diagnostics are created to provide the right answers per issue type.
- Is the solution promoting healthy security behaviors? Depending on what you do with the product, you can have different outcomes. When recommending one solution over another, we review if it won’t inadvertently cause other issues down the road. Then we select the most secure, best-practice solution to surface.
- What self-help formats are most impactful? Multiple formats are available when we connect issues to possible solutions. We quantify how they helped resolve an issue in the past, and constantly learn and improve our toolset, both for existing sets of insights and new workflows.
Brian: Wow, so a lot of surface area to cover and take into consideration here with all the customer and issue types. What kinds of self-help solutions could a customer see and take advantage of when working with MDO?
Alex: There are quite a few solution types and here’s a quick list, and keep in mind that this list is constantly evolving with solutions being updated and added as the product evolves:
These are the first solutions you will see when you visit the “Need Help” section in any of the Microsoft 365 admin centers and type a question. They are short, relevant to the search query, and may contain links to additional information, such as blogs or video content.
Pro Tip: The more information you can give about the issue, the better the solution we can offer. For example, type “Find and release quarantined messages as an administrator” instead of “Release message.”
Supportability has partnered with product engineering to make more useful recommendations and suggest playbooks during SecOps investigations of ransomware or phishing incidents, right from the Incidents page in Microsoft 365 Defender. More in-product integrations are planned, so stay tuned!
In partnership with support and engineering, we publish to a blog series to demystify how email protection works in Office 365. Visit aka.ms/emailbasics to read and subscribe to Email Protection Basics in Microsoft 365. You may find links to blog articles when searching for “how-it-works” -type questions.
Microsoft Security has a great library of videos on their YouTube channel that cover common Microsoft Defender workflows. We include relevant videos from the Microsoft Defender for Office 365 playlist in self-help insights. There are many helpful 3-5-minute videos that can explain a feature better and faster than text.
Many times, we can solve an issue just by running a few checks on how your MDO environment is configured within your organization. Currently, some email protection validations, like DomainKeys Identified Mail (DKIM), are part of the larger Exchange and Outlook Self-help diagnostics tool set.
Here’s a new set of step-by-step guides made to help you configure, use and diagnose common issues with MDO. Relevant guides are selected and surfaced in self-help insights, since they answer many common customer questions.
This type of content is offered in every search query, even when we couldn’t surface more specific insights. This is the most complete and up-to-date Office 365 security content library. Microsoft 365 Defender for Office 365 documentation has information on permissions you’ll need to view features or make changes, detailed instructions on how features work, relevant videos, and other learning content. Some security best practice guides span multiple Office 365 workloads, like in the Configure your Microsoft 365 tenant for increased security document, for example.
Brian: That’s a lot of self-help solutions and assets! Any tips, insights, or guidance to share or highlight here on best ways to utilize based on what you see in support interactions?
Alex: These are my top three tips, based on how often these features come up in support queries:
For administrators new to MDO, start with preset security policies recommended by Microsoft, or simply run the setup guide to get started.
- Follow Zero Trust cybersecurity principles, such as “Assume-Breach.” Basically, you proactively assume your systems have been breached and minimize the blast radius. Learn how to recover your organization after email compromise or how Automated Investigation and Response (AIR) works.
- When dealing with misclassified spam and phishing emails, report them to Microsoft to quickly regrade them or highlight any configuration issues.
Pro Tip: We cover these and other tips in the Microsoft 365 Email Protection Basics infographic shown below. To save or print for quick access, you can also download the infographic file attached below this blog post.
Brian: Thank you Alex, this has been super insightful and hopefully helps our customers understand the self-help that’s available for MDO. Any last words?
Alex: Thanks so much for the opportunity to talk about our work. I’m excited to help with the new features and releases to keep organizations secure and keep improving the support experience for our customers and support agents! For more information on Security and Microsoft Defender for Office 365, check out the resources below!
- Ninja training – Quick link: https://aka.ms/mdoninja
This training library targets different knowledge levels with multiple modules per level. There’s a knowledge check after each module, and you can even earn a certificate at the end of this training. This training is part of a larger Ninja training set available on demand for Defender for Identity, Cloud Apps, Endpoint and data loss prevention (DLP).
The Microsoft Defender for Office 365 discussion space in the SCI community is very active and answers many common questions. If you have questions or feedback about Microsoft Defender for Office 365, engage with the community and Microsoft experts in the Microsoft Defender for Office 365 forum or visit the Microsoft Defender for Office 365 Blog in the Security, Compliance, and Identity (SCI) community.
@Alex Hudish is a Supportability Program Manager on the Customer Service & Support (CSS) Modern Work Supportability team focused on Security and Microsoft Defender for Office 365.
@BrianStoner is a director on the Customer Service & Support (CSS) Modern Work Supportability team where he leads a team of technical and business program managers.
The CSS Modern Work Supportability team delivers innovative self-help solutions and diagnostics, in-service enhancements, and support programs to help customers get maximum value from their Microsoft 365 commercial subscriptions and create an easy-to-use, connected support experience.
Continue the conversation by joining us in the Microsoft 365 community! Want to share best practices or join community events? Become a member by “Joining” the Microsoft 365 community. For tips & tricks or to stay up to date on the latest news and announcements directly from the product teams, make sure to Follow or Subscribe to the Microsoft 365 Blog space!