Microsoft add two new feature on ATP Safe Links : Display the organization branding on notification and warning pages Use custom notification ATP Safe Links branding is now rolling out for you! Check out your ATP Safe Links policy.
Nice to see the Office 365 Advanced Threat Protection connector for Azure Sentinel ! Description Office 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. By ingesting Office 365 ATP alerts into Azure Sentinel, you can incorporate information about email- and URL-based threats into …
Files from the internet and other potentially unsafe locations can contain viruses, worms, or other kinds of malware that can harm your users’ computer and data. To help protect your users, Office opens files from potentially unsafe locations in Application Guard, a secure container that is isolated from the device through hardware-based virtualization. When Office …
Automated external email forwarding is a tactic attackers use to exfiltrate data out of an organization. To counter that, Microsoft is updating their anti-spam policies. First, they are providing a control to easily enable automatic external forwarding for select people in your organization. Second, they will change the “Automatic” setting to block automatic external forwarding. …
Microsoft is making it possible for you to customize quarantine notifications with your organization logo, custom display name, and a custom disclaimer. When this will happen Microsoft will begin rolling this out at the end of July (previously mid-July) and expect to be complete in September. How this will affect your organization Example of custom …
Microsoft is making some enhancements to Office 365 campaign views. How this will affect your organization Once rolled out the following enhancements will be available: Malware attacks are now expressed as campaigns and benefit from the same advanced clustering and visualization that phish campaigns have had Campaign timeline is now interactive, allowing inspection of what …
When? The rollout will be complete by mid-August. How this will affect your organization These changes include timezone improvements; making the chart legend value a filter; and updates to in-production information. In addition, there is an updated refresh process. Note that you will need to click on the Refresh button to filter results as part …
New version 1.9.11 of ORCA (Office 365 Recommended Configuration Analyzer) ready for download: https://powershellgallery.com/packages/ORCA/ Improvements : Check if enhanced filtering is turned on (mportant if you have a solution in-front of EOP/ATP) Check for duplicate anti-malware policiesCheck for duplicate anti-malware policies Check for duplicate anti-spam policies Check for duplicate anti-phishing policies Check Safe Attachments Policy …
Safe Documents is a new feature that improves the existing Protected View experience. The feature automatically verifies the document against the latest known risks and threats before allowing users to leave the Protected View container. Prerequisites Microsoft 365 E5 This feature is off by default and needs to be enabled by a Security Administrator Integration …
The purpose of this cheat sheet is to cover commonly used threat hunting queries that can be used with Microsoft Threat Protection. Microsoft Threat Protection has a threat hunting capability that is called Advance Hunting (AH). AH is based on Azure Kusto Query Language (KQL). The cheat sheet consist of some of the most frequently …
New version 1.8.8 of ORCA (Office 365 Recommended Configuration Analyzer) ready for download: https://powershellgallery.com/packages/ORCA/ Improvements : Optional additional outputs (not just HTML) : JSON File and CosmosDB Support for running within Azure automation (instructions coming soon) and probably other automated fashions Dupe checks for anti-spam and anti-malware policies now (like the ones for ATP policies …
New version 1.7.5 of ORCA (Office 365 Recommended Configuration Analyzer) ready for download: https://powershellgallery.com/packages/ORCA/ Improvements : Check Safe Attachments Policy Exists for all domains Check Safe Links Policy Exists for all domains Check for duplicate anti-phishing policies Checks to determine if Safe attachments unknown malware response set to block Check ATP Phishing Mailbox Intelligence Protection …
Microsoft is expanding the functionality of the Campaign Views feature beyond phish. You will now see malware campaigns as well. Microsoft is adding an interactive timeline, and developing a process for automated campaign write-ups. They are also working to surface Campaign Views in additional views, so that you can easily refer to them from wherever …
Effective June 1, 2020, as soon as you have one Microsoft security products among Microsoft Defender ATP, Office 365 ATP, Microsoft Cloud App Security or Azure ATP you will be able to access the new unified console Microsoft Threat Protection with correlation cross-workload, advanced hunting and automatic healing. https://azure.microsoft.com/en-us/updates/mtp-auto-enabled/
Last Friday, Microsoft announced the general availability of two extremely popular and valuable features in the Office 365 Advanced Threat Protection offering: Campaign Views Advanced Compromised user detection and response. Campaign views: Campaign views offer security teams the full story of how attackers targeted the organization and its users and how their defenses held up …
Safe Documents is a public preview feature in Office 365 Advanced Threat Protection (ATP) that uses Microsoft Defender Advanced Threat Protection to scan documents and files that are opened in Protected View. Safe Documents automatically checks documents against known risks and threat profiles before allowing them to open. Users are not asked to decide on …
13/12/2019 – Microsoft has announced several new features in the phish simulation tool. This includes: an attachment-based phishing attack the ability to filter your simulation user targets by directory metadata like title, city, and department the inclusion of IP addresses and client data in the simulation detail report Simulation phish message simulations are included in …
Microsoft has recently add a new feature to Attack Simulator : Advanced reporting capabilities. The ability to see data such as the fastest (or slowest) time to open an attack simulation email message, the fastest (or slowest) time to click a link in the message, and more visualizations. Even if Microsoft does not announce yet …