Email is Mission Critical for many Organizations. Therefore, Email Security becomes very important. So, it is no surprise that Email is the most common way in which Security is breached. The most common ways in which Email Security is compromised is via malicious links and attachments. So far, the only way to tackle this was End User Education where the Users were asked not to open any unknown attachments or click on unknown links. But this failed as humans are inquisitive by nature. And once the malicious link was clicked or the malicious attachment was opened, the attack spread all over the Organization in a very short time.
To address this specific issue, we are pleased to announce an Email Security Service which is an add on to our hugely popular Microsoft 365 Service used by many of valued Customers. The Service is called Defender for Office 365, previously known as Advanced Threat Protection P1.
Defender for Office 365 Plan 1 has the following capabilities:
Safe Links
Safe Links provides URL scanning of inbound email messages and provides time-of-click verification of URLs and links in email messages and other locations. Safe Link scanning occurs in addition to the regular anti-spam and anti-malware in inbound email messages in Exchange Online Protection.
Safe Attachments
Safe Attachments in Microsoft Defender for Office 365 provides an additional layer of protection for email attachments that have already been scanned by anti-malware protection in Exchange Online Protection (EOP). Specifically, Safe Attachments uses a virtual environment to check attachments in email messages before they’re delivered to recipients (a process known as detonation).
Safe Attachments for SharePoint, OneDrive and Microsoft Teams
Safe Attachments for SharePoint, OneDrive, and Microsoft Teams helps detect and block existing files that are identified as malicious in team sites and document libraries.
Anti-phishing protection:
Spoofingis when the from address in an email message (the sender address that’s shown in email clients) doesn’t match the domain of the email source.
Impersonationis where the sender or the sender’s email domain in a message looks similar to a real sender or domain.
Feature
Anti-phishing policies in EOP
Anti-phishing policies in Defender for Office 365
Automatically created default policy
Yes
Yes
Create custom policies
Yes
Yes
Common policy settings
Yes
Yes
Spoof settings
Yes
Yes
First contact safety tip
Yes
Yes
Impersonation settings
No
Yes
Advanced phishing thresholds
No
Yes
Real-time detections
Let’s see how it works. First, we will examine the process of email attachments:
Once an Email comes with attachments, the Email is delivered immediately but with a message that attachments are being scanned:
And in place of the attachment you get a mail message saying “ Scan in progress” as shown in the picture below:
And while the scan is on, you can check the preview of theattachment in case of urgency, as shown below:
And once the attachments are scanned, you can see the full attachments as you would normally do in an Email message:
And if Malware is detected in the attachment, then the attachment is replaced with an Alert message as shown:
Now let us look at malicious links. If the Email has any malicious link, you will get a warning as given below:
This service is also available for documents on One Drive and SharePoint. Once we turn on the service, then if anyexisting document which is infected, that is stored on One Drive or SharePoint, it will get flagged immediately as shown:
And for additional Security, you will not be able to Open or Share the same as shown:
In this way we are able to ensure that we do not spread the infection via existing documents which have malicious content.
Watch the interactive Guide for in depth Technical Dive: