Microsoft Threat Protection preview features
- Microsoft Threat Protection
The Microsoft Threat Protection service is constantly being updated to include new feature enhancements and capabilities.
Learn about new features in the Microsoft Threat Protection preview release and be among the first to try upcoming features by turning on the preview experience.
For more information on new capabilities that are generally available, see What's new in Microsoft Threat Protection.
Turn on preview features
You'll have access to upcoming features which you can provide feedback on to help improve the overall experience before features are generally available.
Turn on the preview experience setting to be among the first to try upcoming features.
In the navigation pane, select Settings.
Select Microsoft Threat Protection.
Select Preview features > Turn on preview features.
You'll know you have preview features turned on when you see that the Turn on preview features check box is selected.
The following features and enhancements are currently available on preview:
In-portal schema reference — information about schema tables available directly in the security center. In addition to table and column descriptions, this reference provides information about supported event types (
ActionTypevalues) and sample queries.
Identity and app tables — get visibility into authentication events, Active Directory queries, and app-related activity with the IdentityLogonEvents, IdentityQueryEvents, and AppFileEvents tables in the advanced hunting schema.