Microsoft Defender for Office 365: Evaluations in audit mode

We are adding several new capabilities to audit mode, which is used to evaluate Defender for Office 365 through a trial or a subscription that includes Defender for Office 365 Plan 2:

1) Security Administrators can now turn specific evaluation policies on or off.
2) You can now evaluate domain and user impersonation protection in audit mode, where no action is taken on messages.
3) If your organization's MX record points to a third-party email filtering provider and you want to evaluate spoof filtering in Defender for Office 365, you will be able to do so in audit mode, where no action on messages (such as sending to junk or quarantine) is taken.

Microsoft Defender for Office 365: Email Response actions through Microsoft Graph API

We are introducing an email response actions API. Email purge actions such as soft delete, hard delete, and move to junk can be triggered through the Microsoft Graph API.

Microsoft Defender for Office 365: Recipient Block using Tenant Allow/Block List Senders

Today the Tenant Allow/Block List is used to prevent users from receiving email from select senders. However, users are still able to send emails to that same address or domain. With this new feature, the Tenant Allow/Block List will be extended to prevent users from sending emails to addresses and domains that are added to the Allow/Block list.

Microsoft Defender for Office 365: Automatically allow Spoofing and Impersonation related messages directly using Admin Submissions

Today security administrators can use the Submissions page in the Microsoft 365 Defender portal to submit email messages, URLs, and attachments to Microsoft for scanning. We are enhancing this capability with an option to automatically allow Spoofing and Impersonation related emails from senders/infrastructure that were classified as legitimate by the admin, despite being initially blocked by the system. This will help mitigate false positives while the system continues to learn.
More info: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/admin-submission?view=o365-worldwide#submit-a-questionable-email-to-microsoft

Microsoft Defender for Office 365: Security Threat Submission API

The current Information Protection or Threat Assessment API does not support setting up end user reporting experiences and triaging samples reported by a user. The new Security Threat Submission API will address these scenarios and further improve existing capabilities. It was created using the Microsoft Graph Platform. The current API will continue to exist for several years to ensure existing processes are not affected, with eventual deprecation.

Microsoft Defender for Office 365: Support DKIM Domain as Sending Infrastructure for Spoof intelligence management

For Microsoft Defender for Office 365 and Exchange Online Protection, we are adding support for providing a "DKIM verified domain" as the "Sending Infrastructure" for spoofing entries in the Tenant Allow/Block List, so that Security Administrators can better manage anti-spoofing activity and override it based on Spoof Intelligence. Currently, this field supports either the domain from the DNS PTR record or a /24 IP subnet. Additionally, being able to specify a "DKIM verified domain" will help in scenarios where shared infrastructure provider services are used for sending emails. Because the DKIM domain is unique to each tenant, a spoofed message whose DKIM domain passes verification can, if desired for legitimate business reasons, still be allowed instead of blocked even when other authentication signals fail.
More info: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/tenant-allow-block-list?view=o365-worldwide#domain-pair-syntax-for-spoofed-sender-entries-in-the-tenant-allowblock-list

Microsoft Defender for Office 365: Hourly option for notifications

We are adding a new hourly option to end user notifications, so that users can rely on prompt notification about quarantined items when appropriate. With this feature, users can rest assured that they will be updated frequently once new items land in their quarantine folder.
More info: https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/simplifying-the-quarantine-experience-part-two/ba-p/3354687

Microsoft Defender for Office 365: Custom organization branding for quarantine notification (custom sender address and Custom subject)

We are adding capabilities that make it possible for SecOps to customize end user quarantine notifications with their organization's sender address and a custom subject. Doing so helps ensure that users have safe and secure access to their quarantined messages and trains them to recognize legitimate notifications.
More info: https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/simplifying-the-quarantine-experience/ba-p/2676388

Microsoft Defender for Office 365: Quarantine asynchronous update [stage one]

Microsoft Defender for Office 365 is working to enable additional quarantine enhancements, like partial string search functionality and 1,000 message bulk operation support in quarantine. As a result, we'll be making adjustments to the release process through an asynchronous approach. The first stage will be the introduction of the asynchronous updates, and the second stage will be the introduction of enhancement features such as partial string search and 1,000 message bulk support.
More info: https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/simplifying-the-quarantine-experience-part-two/ba-p/3354687

Microsoft Defender for Office 365: Password protected download of quarantined messages

With this change we are giving users the ability to password-protect items they download from quarantine. We want users to be confident that the items they are downloading to their systems will not execute without their consent, and this capability will allow them to safely transport the items to external analysis tools.
More info: https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/simplifying-the-quarantine-experience-part-two/ba-p/3354687


I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.