Microsoft 365 Business Premium is great for SMB productivity. But it is lacking in the security department. Luckily, Microsoft 365 E5 Security comes to the rescue!
Among several security features and services, Microsoft 365 E5 Security includes Defender for Endpoint Plan 2, which enables the use of tables that make “Hunting” properly “Advanced”. 🙂

As Microsoft's documentation puts it, DeviceFileEvents “contains information about file creation, modification, and other file system events”. This is particularly useful, for example, in security incident scenarios where you need to find out how many devices have had a specific malicious file on disk.

The plot twist here is that it’s not enough to just purchase Microsoft 365 E5 Security as an add-on to Microsoft 365 Business Premium, because the Defender Workplace gets created using the Microsoft 365 Business Premium template. You have to manually switch to the “premium” template in the Defender admin portal settings.

It takes a few hours to update the Defender Workplace. After that, DeviceFileEvents and other advanced tables will become available for use in Advanced Hunting.
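
Once the table is available, the incident scenario mentioned above (which devices have had a given file on disk) can be answered with a query like the following. This is an added example, not part of the original post; the hash is a placeholder to replace with the value from your own investigation, and the 30-day lookback is an assumption matching the Advanced Hunting retention window.

```kusto
// Placeholder: replace with the SHA-256 of the file under investigation.
let target_sha256 = "<SHA256-of-the-file-under-investigation>";
// Assumption: look back over the full 30 days that Advanced Hunting retains.
let lookback = 30d;
DeviceFileEvents
| where Timestamp > ago(lookback)
| where SHA256 =~ target_sha256            // case-insensitive hash match
// One row per device: when the file was first and last seen, what happened
// to it (FileCreated, FileModified, FileRenamed, FileDeleted), where it
// lived on disk, and which processes touched it.
| summarize
    FirstSeen = min(Timestamp),
    LastSeen = max(Timestamp),
    Events = count(),
    Actions = make_set(ActionType),
    Paths = make_set(FolderPath, 10),
    InitiatingProcesses = make_set(InitiatingProcessFileName, 10)
    by DeviceId, DeviceName
| order by FirstSeen asc
```

The number of result rows is the number of affected devices. A device whose `Actions` set contains `FileDeleted` may no longer hold the file, so check `LastSeen` before scoping remediation.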