Leading the way in the fight against dangerous email threats
A typical month for the Microsoft Office 365 Exchange Online Protection team might be considered atypical for most. In the fight against spam and malware, Microsoft processes over 200 billion emails each month and blocks 10 million spam messages every minute. That’s the norm for Microsoft’s malicious threat protection efforts—but Microsoft doesn’t stop there. As email attackers around the globe are getting smarter and more sophisticated, Microsoft is making big investments in Microsoft Exchange Online Protection and Advanced Threat Protection services to proactively identify and block the most dangerous email threats, with features like:
- Built-in protection against malicious attack vectors, with spoof and common attachment-type detection.
- Visible protection to end-users via Safety Tips to prevent users from interacting with detected malicious emails.
- Rich learning mechanisms for users, such as Phish Reporting and Advanced Threat Protection.
New capabilities of Exchange Online Protection and Advanced Threat Protection
It takes constant vigilance to protect against external threats without disrupting end-user productivity. That’s why Microsoft has introduced several new capabilities in Exchange Online Protection and Advanced Threat Protection, which help protect you from unknown external threats while giving admins visibility into targets within their companies and options for mitigating or eliminating attacks.
Dynamic Delivery of Safe Attachments — Last June, Microsoft introduced Advanced Threat Protection Safe Attachments to protect against unknown threats by detecting viruses in email attachments. After going through the standard Office 365 protection process of three anti-virus engines and multiple spam filters, an email with a suspicious attachment enters the Safe Attachment sandbox environment, which has a detonation chamber to analyze the attachment and determine whether or not it’s safe—a process that typically takes 5–7 minutes.
With Dynamic Delivery of Safe Attachments, Microsoft eliminated that delay by sending the email body with a placeholder attachment while the actual suspicious attachment undergoes a Safe Attachment scan. Recipients can read and respond to the message, which includes notification that the original attachment is being analyzed. If the real attachment is cleared, it replaces the placeholder; if not, the admin can filter out the unwanted and potentially malicious attachment. Dynamic Delivery of Safe Attachments is now in private preview for Advanced Threat Protection customers and is scheduled for general availability this quarter.
Zero-hour Auto Purge — If an unread email is incorrectly categorized as spam, malicious or safe, Zero-hour Auto Purge provides the ability to change that verdict. For example, if a message is delivered to your inbox and later found to be spam, Zero-hour Auto Purge moves that message from the inbox to the spam folder; the reverse is true for messages misclassified as spam. Now in preview with approximately 50 customers and available on-demand, Zero-hour Auto Purge will be rolled out for all Exchange Online Protection global tenants in the first quarter of 2016. Admins will have total control over whether or not to use this feature, since Zero-hour Auto Purge can be disabled in the admin center.
Safety Tips in Outlook on the web — This Exchange Online Protection feature proactively gives user-friendly safety tips that help you decide whether or not to open an email. For example:
- If an email is from a trusted sender, you are notified that it’s a safe message.
- If you receive a suspicious or phishing email, the message states that it’s from an untrusted source.
The idea behind Safety Tips in Outlook on the web is to educate users by augmenting the written notification of the message status with a red bar at the top of suspicious or phishing emails. This added visual cue provides an alert to protect you from a potentially fraudulent request or other suspicious action. Safety Tips in Outlook on the web will be generally available to Exchange Online Protection customers in the first quarter of 2016.
Protection against insider spoofing — Yet another growth area for “spoofers” is what’s called “insider spoofing” or “peer phishing,” when a phisher impersonates high-ranking company executives by spoofing the company’s email domain. The email looks like an internal email, making it hard for existing filters to identify it as malicious. Fortunately, through built-in intelligence that leverages big data, strong authentication checks, and reputation filters, Exchange Online Protection has strengthened its counterfeit detection by over 500 percent.
Phish reporting — This new feature enables Outlook on the web users to report phishing to Microsoft by clicking the Junk pull-down menu and selecting Phishing. The Report as phishing dialog is displayed; it includes a link to learn more about phishing and gives you the option to send a copy of the message to Microsoft to help improve email protection technologies, which you choose by clicking the Report or Don’t report button. Microsoft hopes this feature helps you better recognize phishing messages and report any that appear suspicious.
Microsoft expects to complete the deployment of this feature by the end of this quarter. In the meantime, you can report missed phish by sending an email with the phishing message as an attachment to Microsoft’s new firstname.lastname@example.org address.
Filtering common malicious attachment types — Microsoft heard our feedback and is pleased to provide an easy-to-use feature for Exchange Online Protection admins to filter out unwanted and potentially malicious attachments by their file types within the Malware Policy. This will help consolidate attachment filtering and action for malicious content, rather than addressing these issues through Exchange transport rules and malware filtering policies. Later this quarter, you’ll find the “Common Attachment Types Filter” in the Malware Filter section of the admin center, under the Protection tab on the left and the Malware Filter tab on the top. From there, you can either edit an existing malware policy or create a new one.
These new Office 365 Exchange Online Protection and Advanced Threat Protection features reflect Microsoft’s ongoing commitment to providing the most advanced security, reliability, and protection of your email, along with user education and a simpler and more efficient experience for admins. Microsoft is proactively advancing the protection it offers to protect you and your organization from external attacks.