MDO – Introducing differentiated protection for priority accounts [General Availability]
The April 13, Microsoft announced general availability of differentiated protection for priority accounts, people like executives, leaders, managers, or other users who have access to sensitive, proprietary, or high priority information. With this release, users tagged as priority accounts will receive a higher level of protection against threats.
The Priority account protection feature is available to customers with Microsoft Defender for Office 365 Plan 2, including those with Office 365 E5, Microsoft 365 E5, or Microsoft 365 E5 Security.
Priority account protection will be automatically enabled by default for applicable tenants, but Security Administrators can toggle this functionality by going to Settings > Email & collaboration > Priority account protection in the Microsoft 365 Defender portal. However, Microsoft doesn’t recommend disabling this setting.
Reviewing differentiated protection in Threat Explorer
You can filter Threat Explorer views by selecting Priority account protection in the context dropdown.
Reviewing differentiated protection in the email entity page
Priority account protection is now listed under Threat detection details in the Email entity page
In addition, the threat protection status report will have a new filter that will allow admins to filter for those emails that were detected as bad due to the extra layer of protection that was applied by Priority account protection.
New features released
In addition to Priority account protection, Microsoft is excited to share additional features that have recently gone live to make priority accounts and custom tags more effective across Microsoft Defender for Office 365:
User tags can be added as conditions to custom alert policies
A custom alert policy is a set of conditions that define user, admin, or email activity that will generate an alert. Email sender and recipient tags, as well as user tags, can now be added as conditions on custom alert policies to receive alerts following the defined activities.
Proactively investigate attacks targeting priority accounts within quarantine
Priority account tags are now integrated with the quarantine experience within Microsoft Defender for Office 365. Any email targeted at one of the priority accounts will be tagged as such and filtered within the quarantine experience, making it easy to filter the view to only look at malicious emails that targeted these critical accounts.
Prioritize submissions from priority accounts and other tagged users
User tags and priority accounts are now integrated with the new unified Submissions experience new submissions experience. As users report attacks landing in their inboxes, security teams can take these signals and thwart campaigns before breaches become costly. Now, submissions from priority accounts and tagged users are explicitly tagged and filtered so that security teams can prioritize focus on these submissions over others.
Target user tags in Attack simulation training
Targeting priority accounts and other custom user tags are now possible in attack simulation and can be done within the Simulation Creation experience. You can now use this capability to run targeted simulations against pre-defined user tags and even set up simulation automations targeting these groups at specific frequency. For more information, see our recent blog post on User tags based targeting in Attack simulation training and more details on Microsoft Docs.
Priority accounts within the Compromised users report
The priority account tag is now integrated with the Compromised users reporting experience so that compromised users from priority accounts are explicitly tagged and filtered. This report shows the number of accounts that were marked as Suspicious or Restricted within the last 7 days. This allows security teams to filter the Compromised users report to these key users within an organization and closely monitor any spikes or trends within priority accounts.