The Shadow Workflows capability will provide detection and response of the most common post-compromise malicious activities. These activities include: Malicious inbox rule creation (we are completely revamping how we detect malicious inbox rules as part of this effort) Malicious phishing campaigns: At a minimum, we will detect and generate an incident report when a mailbox is responsible for a malicious phishing campaign. Data exfiltration: At a minimum, we will detect malicious file downloads from the Microsoft ecosystem.
