Microsoft Defender for Office 365 (plan 2) contains the Threat Explorer feature. It's a useful way to investigate problematic messages which arrive in a tenant. The automated investigations feature can highlight messages containing malware by assembling evidence about warning signs in the message or its contents, and administrators can then action the recommendations up to and including the removal of messages already delivered to user mailboxes. Automating investigations is a good thing, if you afford Defender for Office 365 Plan 2.
Are there any security or compliance concerns for Office 365 customers who allow emails to be sent to Microsoft Teams channels?
How does the Dynamic Delivery feature of Exchange Online Protection Advanced Threat Protection (ATP) impact customers who use journaling for email compliance and archiving.
Here's my experience using the Advanced Threat Protection features in Exchange Online Protection to protect my Office 365 tenant.