Category: MDO

News Informatique

Microsoft Defender for Office 365: Four override alerts retire in August 2024

Microsoft Defender for Office 365 is retiring four legacy override alerts that are now mostly redundant due to Secure by default. With Secure by default, ZAP (zero-hour auto purge) blocks high confidence phishing emails by default despite the legacy overrides. The four alerts are: As part of the deprecation and rollout, When is the change? Microsoft plans to …

Reported mailbox notifications messages subject change

Currently, in Microsoft Defender for Office 365, when a notification message is reported by an end user and arrives at the reporting mailbox, the subject lines begin with: Moving forward, the subject lines of notification messages reported by end users will start with This change is being made to ensure readability and enable you to create better …

Enhanced Submissions experience from Email entity and Summary panel

In Microsoft Defender XDR for Office 365, Microsoft is enhancing the Submit to Microsoft for review options on the Email entity page and Summary panel so admins can convey whether they are submitting for a second opinion or submitting to confirm a clean or a malicious verdict. In the same workflow, we are also introducing the Entities allow option that Security …

Password protected download for quarantined emails from Email Entity

Microsoft is introducing password protected downloads of email messages from the Email Entity Summary Panel in Microsoft Defender for Office 365. Today, password protected downloads are available from the Quarantine experience. When this will happen: General Availability: Microsoft will begin rolling out mid-March 2024 and expects to complete by late March 2024. How this will …

Microsoft Defender for Office 365: New Quarantine release details

In Microsoft Defender for Office 365, Microsoft is rolling out new details on who or what is responsible for releasing a message from quarantine. These details will now be included in the email summary flyout panel accessible from the Quarantine page. When this will happen: General Availability: Microsoft will begin rolling out late March …

[MDO] Quarantine End User Allow and Block list management

In Microsoft Defender for Office 365, Microsoft is updating the way end users allow and block emails in Exchange Online. When this will happen: Microsoft will begin rolling out late April 2024 and expects to complete by mid-May 2024. How this will affect your organization: With one click, end users will block emails from unwanted …

Microsoft Defender for Office 365: Block Sender in Quarantine notification will require signing in to security portal

Quarantine End User Allow and Block list management, sign in to the security portal will be required for the Block Sender action in Quarantine notifications. When this will happen: Microsoft will begin rolling out early March 2024 and expects to complete by mid-March 2024. How this will affect your organization: When the user clicks on …

Reminder: Microsoft Defender for Office Empowers End Users to Report Suspicious Messages in Microsoft Teams

The ability for Microsoft Teams users to report internal chats, channels and meeting conversations within Teams as a security risk will be turned ON by default. Security risk messages could include ones that contain phishing, spam or malicious content, such as a phishing URL, a malware file or spam content. To learn how end users can report, …

Microsoft Defender for Office 365: Upcoming Changes to Intra-Org Messages

Microsoft will be updating the way SCL ratings are assigned for intra-organizational messages. When this will happen: Changes to logging intra-organizational messages will begin rolling out in early April and are expected to be complete by late June. How this will affect your organization: All intra-organizational messages are currently marked with SCL -1 (bypass …

Customize login pages in Attack Simulation Training

Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates deployment of an integrated security awareness training program across an organization. It is available with Microsoft 365 E5 or Microsoft Defender for Office 365 P2 plan. As per the previous experience, users were directed to the Microsoft curated credential harvest login …

Update to Quarantine retention period for Malware detections

Given feedback from customers on the need for additional time to triage the emails or files that were quarantined as a result of potential malware, Microsoft is increasing the retention period from 15 days to 30 days. When this will happen: Standard Release: will begin rolling this out by end of July and expect to …

Upcoming behavior change to the “DoNotRewrite” List

With the deployment of the Tenant Allow/Block List as the single source of truth for Tenant Allows, other mechanisms for Tenant Allows are being removed. This will give SecOps teams one place to manage all Tenant Allows. Today, the “DoNotRewrite” list is used to Skip wrapping URLs Detonation (SONAR) Verdicts. The intended purpose of “DoNotRewrite” is …

[MDO] Password protected download of quarantined messages

With this change, Microsoft is giving users the ability to password-protect items they download from quarantine. Microsoft wants users to be confident that the items they are downloading to their systems will not execute involuntarily without their consent, and this capability will allow them to safely transport the items to external analysis tools. When this …

Custom organization branding for quarantine notification

Microsoft will be adding capabilities that make it possible for Security Operations (SecOps) to customize end user quarantine notifications with their respective organization sender address and custom subject. When this will happen: Standard: will begin rolling out in late August and is expected to be complete by early September. Government: will begin rolling out in …

MDO – Introducing differentiated protection for priority accounts [General Availability]

On April 13, Microsoft announced general availability of differentiated protection for priority accounts, people like executives, leaders, managers, or other users who have access to sensitive, proprietary, or high priority information. With this release, users tagged as priority accounts will receive a higher level of protection against threats. Licences: The Priority account protection feature is …

[MDO] Some cmdlets will be retired in May 2022

Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail will be retired. Microsoft will be retiring the Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail cmdlets from Microsoft Defender for Office 365. Instead, Microsoft recommends the use of the Get-ContentMalwareMdoAggregateReport | Get-ContentMalwareMdoDetailReport cmdlets. Key points: Timing: retirement will begin in early May and is expected to complete by mid-May. Action: review and transition to the Get-ContentMalwareMdoAggregateReport …

[MDO] Investigation updates for improved email threats and actions

Microsoft is improving Automated Investigation and Response (AIR) from Defender for Office 365. The rollout of the updated email clustering will begin today, June 21st. Investigations will now only queue actions for approval when malicious emails are still in the mailbox (by using latest delivery location instead of original). Investigations only queue actions for malware or …

Microsoft Defender for Office 365: Introducing Advanced Delivery for Phishing Simulations and SecOps Mailboxes

Microsoft is introducing a new capability, Advanced Delivery, for the configuration of third-party phishing simulation campaigns and delivery of messages to security operations (SecOps) mailboxes. Admins will now be able to explicitly configure for the following scenarios and ensure messages configured as part of these scenarios are handled correctly across product experiences: Third-Party Phish simulation …

New features on ATP Safelinks

Microsoft adds two new features to ATP Safe Links: Display the organization branding on notification and warning pages; Use custom notification. ATP Safe Links branding is now rolling out for you! Check out your ATP Safe Links policy.

Office 365 ATP connector for Azure Sentinel [Public Preview]

Nice to see the Office 365 Advanced Threat Protection connector for Azure Sentinel! Description: Office 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Office 365 ATP alerts into Azure Sentinel, you can incorporate information about email- and URL-based threats into …