Windows 10 News and info | Forum
Author Topic: Office 365 to Block Harmful Content Regardless of Custom Configs  (Read 67 times)
javajolt
« on: February 05, 2020, 02:13:33 PM »

Microsoft is currently working on new features designed to block malicious content in Office 365 regardless of the custom configurations set up by administrators or users unless manually overridden.

This change was prompted by the fact that some settings allow for Office 365 Exchange Online Protection/Advanced Threat Protection detonation verdicts to be bypassed and inadvertently allow malicious content to reach the customers' inboxes.

Once the new features are enabled, Office 365 will automatically honor EOP/ATP detonation — malware analysis — verdicts to block known malicious files and URLs regardless of custom configurations.

Quote
We see lots of cases where the configuration of our protection stack has enabled malicious content to be inadvertently delivered to end-users. We’re working on a few features that will help address this problem. Our first phase includes Honoring detonation verdicts. All too frequently, URLs and files that have been flagged as malicious are allowed through to the inbox due to transport rules and domain allows. - Microsoft


The domain allows and transport rules are the ones most commonly responsible for content flagged by Office 365 EoP or ATP as malicious still being delivered to the end-users.

"We’re updating our filters to ensure that malicious files and URLs are not delivered regardless of configuration unless manually overridden," says the features' entry on the Microsoft 365 Roadmap.

The "Office 365 ATP, Secure by Default" update is currently under active development according to the roadmap and comes with an estimated release date set for February 2020, to be generally available in all environments.

Office 365 end-users urged not to bypass spam filters

Microsoft previously warned Office 365 admins and users against bypassing the built-in spam filters in June 2019, as part of a support document that also provides guidelines for cases when this can't be avoided.

As Redmond says, Office 365 end-users should avoid enabling Allow or Block lists within the Spam Filter policies, as well as skipping Transport Rules scanning. Microsoft also urges Outlook or Outlook on the Web users and admins not to toggle on Safe and Blocked senders.

"We recommend that you do not use these features because they may override the verdict that is set by Office 365 spam filters," says Microsoft.

Microsoft advises all Office 365 users and admins who choose to override the spam filters anyway to:

Quote
   • Never put domains that you own onto the Allow and Block lists.

   • Never put common domains, such as microsoft.com and office.com, onto the Allow and Block lists.

   • Not keep domains on the lists permanently unless you disagree with the verdict of Microsoft.


Microsoft recommends that Office 365 customers report junk email messages using the Microsoft Junk Email Reporting Add-in "to help reduce the number and effect of future junk email messages," while Outlook users can employ the Report Message add-in to report junk email.

"If you have to set bypassing, you should do this carefully because Microsoft will honor your configuration request and potentially let harmful messages pass through," the support document says.

"Additionally, bypassing should be done only on a temporary basis. This is because spam filters can evolve, and verdicts could improve over time."

More Office 365 security-focused updates

Microsoft's development team previously announced the rollout of the Office 365 Advanced Threat Protection (ATP) Campaign Views feature in public preview in December 2019 designed to provide security teams with a summary of the attack flow behind phishing attacks against their orgs.

Redmond is also working on including recommended security profiles to Office 365 ATP and Exchange Online Protection (EOP) as revealed in December.

One month earlier, in November, Redmond released the Office 365 ATP enhanced compromise detection and response feature in public preview to help Security Operations (SecOps) teams detect breaches, as well as automatically identify and investigate suspicious users and remediate hacked accounts.

The company also included Authenticated Received Chain (ARC) for all Office 365 hosted mailboxes in October, a new feature to improve anti-spoofing detection and examine authentication results.

source
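
An added example, not part of the original post or of any Microsoft tooling: a small audit that checks exported allow entries against the first two rules in the guidance quoted above (no owned domains, no common domains), covering both spam-policy allow lists and transport rules that set SCL to -1. The JSON shape is an assumption, modelled on the output of `Get-AcceptedDomain`, `Get-HostedContentFilterPolicy` and `Get-TransportRule`; all domain and rule names are constructed sample data.

```python
import json

# Constructed sample: shape assumed to mirror JSON exported from
# Get-AcceptedDomain, Get-HostedContentFilterPolicy and Get-TransportRule.
SAMPLE_EXPORT = json.loads("""
{
  "AcceptedDomains": ["contoso.example"],
  "SpamPolicies": [
    {"Name": "Default", "AllowedSenderDomains": ["partner.example", "mail.contoso.example"]},
    {"Name": "Sales", "AllowedSenderDomains": ["Office.com"]}
  ],
  "TransportRules": [
    {"Name": "Skip filtering for vendor", "SenderDomainIs": ["microsoft.com"], "SetSCL": -1},
    {"Name": "Tag external", "SenderDomainIs": ["partner.example"], "SetSCL": null}
  ]
}
""")

# The two common domains the guidance names; extend for your tenant.
COMMON_DOMAINS = {"microsoft.com", "office.com"}


def _covered_by(domain, parents):
    """True if domain equals, or is a subdomain of, any entry in parents."""
    d = domain.lower().rstrip(".")
    return any(d == p or d.endswith("." + p) for p in parents)


def audit_bypasses(export):
    """Return sorted (source, domain, reason) findings for risky allow entries."""
    owned = {d.lower() for d in export["AcceptedDomains"]}
    entries = []
    for pol in export["SpamPolicies"]:
        entries += [("policy:" + pol["Name"], d) for d in pol["AllowedSenderDomains"]]
    for rule in export["TransportRules"]:
        if rule.get("SetSCL") == -1:  # SCL -1 bypasses spam filtering
            entries += [("rule:" + rule["Name"], d) for d in rule.get("SenderDomainIs") or []]
    findings = []
    for source, domain in entries:
        if _covered_by(domain, owned):
            findings.append((source, domain.lower(), "owned domain"))
        elif _covered_by(domain, COMMON_DOMAINS):
            findings.append((source, domain.lower(), "common domain"))
    return sorted(findings)


if __name__ == "__main__":
    for source, domain, reason in audit_bypasses(SAMPLE_EXPORT):
        print(f"{source}: {domain} ({reason})")
```

Entries that survive this check still fall under the third rule in the guidance: they should be reviewed periodically rather than left on the lists permanently.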