Custom detections overview


Welcome to Microsoft 365 Defender, the new name for Microsoft Threat Protection. Read more about this and other updates here.

Applies to:

  • Microsoft 365 Defender

With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured endpoints. This is made possible by customizable detection rules that automatically trigger alerts as well as response actions.

Custom detections work with advanced hunting, which provides a powerful, flexible query language that covers a broad set of event and system information from your network. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.

Custom detections provide:

  • Alerts for rule-based detections built from advanced hunting queries
  • Automatic response actions