Category: Office 365 ATP

Microsoft will be updating the way intra-organizational SCL ratings are assigned for intra-organizational messages. When this will happen: Changes to logging intra-organizational messages will begin rolling out in early April and is expected to be complete by late June. How this will affect your organization: All intra-organizational messages are currently marked with SCL -1 (bypass …

Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates deployment of an integrated security awareness training program across an organization. It is available with Microsoft 365 E5 or Microsoft Defender for Office 365 P2 plan. As per the previous experience, users were directed to the Microsoft curated credential harvest login …

Given feedback from customer on the need for an additional time to triage the emails or files that were quarantined as result of potential malware, Microsoft is increasing the retention period from 15 days to 30 days. When this will happen Standard Release: will begin rolling this out by end of July and expect to …

With the deployment of the Tenant Allow/Block List, as being the single source of truth for Tenant Allows, other mechanisms for Tenant Allows are being removed. This will give SecOps teams one place to manage all Tenant Allows. Today, “DoNotRewrite” list is used to Skip wrapping URLs Detonation(SONAR) Verdicts. The intended purpose of “DoNotRewrite” is …

With this change Microsoft is giving the ability to password protects items they download from quarantine. Microsoft wants users to be confident that the items they are downloading to their systems will not execute involuntarily without their consent, and this capability will allow them to safely transport the items to external analysis tools. When this …

Microsoft will be adding capabilities to making it possible for Security Operations (SecOps) to customize end user quarantine notifications with their respective organization sender address and custom subject. When this will happen: Standard: will begin rolling out in late August and is expected to be complete by early September. Government: will begin rolling out in …

The April 13, Microsoft announced general availability of differentiated protection for priority accounts, people like executives, leaders, managers, or other users who have access to sensitive, proprietary, or high priority information. With this release, users tagged as priority accounts will receive a higher level of protection against threats. Licences The Priority account protection feature is …

Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail will be retired Microsoft will be retiring the Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail cmdlet from Microsoft Defender for Office 365. Instead, Microsoft recommends the use of the Get-ContentMalwareMdoAggregateReport | Get-ContentMalwareMdoDetailReport cmdlet. Key points Timing: retirement will begin in early May and is expected to complete by mid-May Action: review and transition to the Get-ContentMalwareMdoAggregateReport …

Microsoft is improving Automated Investigation and Response (AIR) from Defender for Office365 The rollout of the updated email clustering will begin today, June 21st. Investigations will now only queue actions for approval when malicious emails are still in the mailbox (by using latest delivery location instead of original). Investigations only queue actions for malware or …

Microsoft is introducing a new capability, Advanced Delivery, for the configuration of third-party phishing simulation campaigns and delivery of messages to security operations (SecOps) mailboxes. Admins will now be able to explicitly configure for the following scenarios and ensure messages configured as part of these scenarios are handled correctly across product experiences: Third-Party Phish simulation …

Microsoft add two new feature on ATP Safe Links : Display the organization branding on notification and warning pages Use custom notification ATP Safe Links branding is now rolling out for you! Check out your ATP Safe Links policy.

Automated external email forwarding is a tactic attackers use to exfiltrate data out of an organization. To counter that, Microsoft is updating their anti-spam policies. First, they are providing a control to easily enable automatic external forwarding for select people in your organization. Second, they will change the “Automatic” setting to block automatic external forwarding. …

Microsoft is making it possible for you to customize quarantine notifications with your organization logo, custom display name, and a custom disclaimer. When this will happen Microsoft will begin rolling this out at the end of July (previously mid-July) and expect to be complete in September. How this will affect your organization Example of custom …

Microsoft is making some enhancements to Office 365 campaign views. How this will affect your organization Once rolled out the following enhancements will be available: Malware attacks are now expressed as campaigns and benefit from the same advanced clustering and visualization that phish campaigns have had Campaign timeline is now interactive, allowing inspection of what …

When? The rollout will be complete by mid-August. How this will affect your organization These changes include timezone improvements; making the chart legend value a filter; and updates to in-production information. In addition, there is an updated refresh process. Note that you will need to click on the Refresh button to filter results as part …

New version 1.9.11 of ORCA (Office 365 Recommended Configuration Analyzer) ready for download: https://powershellgallery.com/packages/ORCA/ Improvements : Check if enhanced filtering is turned on (mportant if you have a solution in-front of EOP/ATP) Check for duplicate anti-malware policiesCheck for duplicate anti-malware policies Check for duplicate anti-spam policies Check for duplicate anti-phishing policies Check Safe Attachments Policy …