Here is a summary of the changes and features that Microsoft introduced in January 2023 regarding its Microsoft Defender for Office service (formerly Office 365 Advanced Threat Protection (ATP)).
- The automatic expiration management of the allowed/blocked tenant list is now available in Microsoft Defender for Office 365: Microsoft will now automatically remove entries from the allow list once the system has learned from them. Alternatively, Microsoft will extend the expiration time of allow entries if the system has not yet learned. This will prevent legitimate emails from going to junk mail or quarantine.
- Configuring third-party phishing simulations in advanced delivery: Microsoft has extended the "Simulation URLs to allow" limit to 30 URLs.
- Third-party phishing simulations: simulated attacks can help you identify vulnerable users before a real attack impacts your organisation.
- Security operations mailboxes (SecOps): mailboxes dedicated mailboxes used by security teams to collect and analyse unfiltered messages (both legitimate and malicious).
- To find out how to configure it, see Configure the delivery of third-party phishing simulations to users and unfiltered messages to SecOps mailboxes
To ensure the default security of your organisation, Exchange Online Protection (EOP) does not allow safe lists or bypass filtering for messages identified as malware or high-confidence phishing. However, there are specific scenarios that require the delivery of unfiltered messages. For example:
You use the advanced delivery policy in Microsoft 365 to prevent the filtering* of inbound messages in these specific scenarios. The advanced delivery policy ensures that messages in these scenarios achieve the following results:
- Filters in EOP and Microsoft Defender for Office 365 take no action on these messages.*
- Zero-Hour Auto Purge (ZAP) for spam and phishing take no action on these messages**.
- Default system alerts are not triggered for these scenarios.
- AIR and clustering in Defender for Office 365 ignore these messages.
Read more: What's new in Microsoft Defender for Office 365 - Office 365 | Microsoft Docs
Discover also the featured articles: