Internet Explorer End of Life. Find IE usage in your Defender for Endpoint data
This post has some KQL to report usage of Internet Explorer.
dfe
Shields up! Find CISA Known Exploited Vulns in your Defender for Endpoint data
This post has some KQL to report CISA Known Exploited Vulns within your environment.
Exchange Onlne Email Investigation
This post has some KQL to report “who read the sensitive email and who opened the sensitive attachment” using Defender for Office365 and Defender for Endpoint.
KQL for files uploaded to cloud
This post has some KQL to report on files uploaded to cloud via Microsoft or Google browsers. It requires Office365 sensitivity labels, Defender for EndPoint and (for Google Chrome) the Microsoft Compliance extention