Office 365 Threat Protection

This post was originally written by Rudra Mitra, director for Office 365 Information Protection Engineering.

The built-in suite of powerful threat protection services for Office 365, including Exchange Online Protection (EOP), Advanced Threat Protection (ATP), and Threat Intelligence, is a paramount requirement for customers choosing Office 365 to help drive their digital transformation. With InfoSecurity Europe kicking off today, we are providing an update on how these security workloads provide enhanced protection for our customers and meet the strict data residency, compliance, and privacy requirements of Office 365.

The foundational elements of Office 365 threat protection include:

  • Protecting users from threats.
  • Detecting threats.
  • Remediating threats.
  • Raising awareness and enabling education of threats.

Overview of enhanced capabilities for Office 365 threat protection, with the columns "Powerful Protection," "Deep Detection," and "Rapid Remediation and Education."

Here’s a summary of the enhancements we made to these elements:

Protection enhancements

Phishing has many forms, ranging from “royalty” offering rewards to more sophisticated and targeted campaigns. Cybercriminals continue to find other attack methods, manifesting in a rise of phishing campaigns across the industry landscape, including in Office 365. We have a >99.9 percent malware catch rate, and to better protect customers against phishing, we made the following enhancements in Office 365:

  • Anti-impersonation enhancements to help stop spear-phishing campaigns.
  • Anti-spoofing enhancements.
  • Internal email scanning for phishing.
  • Enhanced detection of phishing lures.

The new anti-phishing technology made available to our customers is leveraged by Microsoft Core Services Engineering and Operations (CSEO). As one of the world’s largest enterprises, Microsoft faces concerns and security requirements similar to our customers. With the enhanced protection capabilities, our customers should have even greater confidence with Office 365 threat protection.

Different types of phishing attacks seen in the threat landscape, by scope of attack: Scams, Brand phishing, IT/SaaS phishing, and Spear phishing.

Detection enhancements enriching the user and admin experience

For users to be educated on flagging suspicious links coming through email, they must have visibility into where URLs point. Now, Office 365 offers the Native Link Rendering feature that enables Office 365 ATP customers to view the destination of URLs and make more informed decisions when clicking links. This feature is currently available for the Outlook Web App and coming to the Outlook client later this year.

In addition, admins who enable the Report Message button in their Outlook client can empower users with the ability to report a suspicious email as potential phishing, sending the email directly to Microsoft for further analysis.

Example of the Native Link Rendering and Report Message features in Outlook Web App.

The enhanced Phish view in the Security & Compliance Center dashboard offers admins new reporting capabilities that provide broader visibility, control, and finer detail on the threats impacting their organization. The Phish view offers ATP admins enriched phishing, malware, and user submission (the emails reported by users) details. In the coming months, we will add more details to the Phish view, exposing the category of phishing email that is blocked. Additionally, enhancements are launching for new reporting views for EOP customers.

Enhanced Phish view in the enriched admin capabilities for Office 365 ATP.

Threat remediation, awareness, and education

Since we first announced Office 365 Threat Intelligence, we have added powerful threat remediation features to the service. Admins can proactively search for suspicious emails and delete them before any adverse impact to the organization. Additionally, threat trackers are available, enabling admins to perform investigations on potential threats to the tenant.

Remediation actions available for proactive deletion of suspicious emails.

Threat Intelligence also features the Attack Simulator to help raise awareness and provide education on modern threats. Using the Attack Simulator, admins can launch realistic threats at specific users. This allows them to update policies and protection based on actionable insights from the simulations. Our recent webcast provides a detailed update on the impressive set of capabilities offered in Office 365 Threat Intelligence.

Attack simulator dashboard.

Secure your digital transformation

Security for the modern workplace is fundamental to our customers’ digital transformation journey. Start an Office 365 E5 trial to experience holistic protection of the modern workplace.
