I've had to analyze several MS Quick Assist compromises and found challenges during each one. Threat Hunting for malicious activity thru QA is not easy either.

So I wrote a blog post on what to look for: https://inversion6.com/resources/blog/january-2025/microsoft-quick-assist-an-it-security-primer

You asked, and we delivered! Check out the new Microsoft Incident Response Ninja Hub for a compilation of the research and guides that the Microsoft IR team has developed over the years on threat hunting, case studies, and more.

https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/welcome-to-the-microsoft-incident-response-ninja-hub/ba-p/4243594