Malicious Intra-Organizational Emails are now protected by default

Today’s #MicrosoftQuickFix is that Microsoft has enabled intra-organizational email protection by default in Microsoft Defender for Office 365 for high-confidence phishing messages containing malicious or spam-based URLs!

This new setting in the Microsoft Defender for Office 365 Anti-spam policy controls whether spam filtering, and the action selected for the spam verdict, is applied to internal messages (email sent between users in your Exchange Online organization).

Screen shot of Anti-spam policy settings

The deployment of this feature is complete for intra-organizational messages. The default value, High confidence phishing messages, is selected, which quarantines the message. This feature is available in all Microsoft tenants worldwide!

If you don’t want to use this feature on intra-organizational messages, you can disable it by changing the Anti-spam Policy setting ‘Intra-Organizational messages to take action on’ to None.

You can also modify the Anti-spam Policy setting to apply to other spam filter verdicts.

For more information about this see:

#Microsoft #Microsoft365 #MicrosoftDefender #ExchangeOnline #MicrosoftCloudSecurity #MicrosoftCloudQuickFix

Microsoft to begin sending DMARC Reports

Today’s #MicrosoftQuickFix is that #Microsoft will soon begin sending DMARC Aggregate Reports as part of the #DMARC standard. As the owner of a domain, you can request that reports be sent to wherever your DMARC DNS record’s RUA setting points. Is it time to revisit your #Microsoft365 domain’s DMARC, DKIM and SPF security settings?

Phishing attacks are getting more sophisticated, and most organizations have implemented email security measures like SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to help mitigate these risks.

Unfortunately, SPF and DKIM alone do not provide 100% protection against email attacks or against nefarious hackers spoofing a company’s domain, regardless of how SPF and DKIM are implemented.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) works with SPF and DKIM to authenticate your mail senders. With a DMARC record configured, you’ll get reports that provide the status of your email authentication so you can improve it if needed. This helps you detect malicious emails that claim to be from your domain.

Note: DMARC reports are in XML format and contain a lot of technical data. There are several DMARC report analyzer tools available as well as third-party vendors offering DMARC reporting capabilities.

Using DMARC with SPF and DKIM gives organizations more protection against email spoofing and phishing. DMARC also helps receiving mail systems decide what to do with messages from your domain that fail SPF or DKIM checks, through the actionable DMARC policy you specify.

DMARC Aggregate Reports will be available for all Exchange Online Protection customers beginning in late February 2023 with expected rollout to complete in late March 2023.

For more information about DMARC in Microsoft 365 see:

#Microsoft #Microsoft365 #MicrosoftDefender #ExchangeOnline #DMARC #DKIM #SPF #MicrosoftCloudSecurity #MicrosoftCloudQuickFix

New Podcast Published - Microsoft 365 Email Impersonation Protection

In this episode Ryan McKay and Andrew Lowes talk about email impersonation protection in Microsoft Defender for Office 365. #Impersonation is where the sender or the sender’s email domain in a message looks similar to a real sender or domain.

URLs shown in today’s video podcast include:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365

#Microsoft #Microsoft365 #MicrosoftDefender #MicrosoftCloudQuickFix