Microsoft Defender for Office 365: Exchange Online Protection- Customizable Authenticated Received Chain (ARC) configuration

Email senders use authentication mechanisms like SPF, DKIM, DMARC to authenticate emails, but some legitimate intermediate services may potentially make changes to the email, which might cause the email to fail authentication at subsequent hop. Authenticated Received Chain (ARC) is an authentication mechanism that helps preserve authentication results across intermediaries. With this change, admins will be able to add trusted intermediaries in the Microsoft 365 Defender portal to allow Microsoft to honor these ARC signatures, thereby allowing legitimate messages.
More info: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email?view=o365-worldwide#how-microsoft-365-utilizes-authenticated-received-chain-arc

(more…)

Microsoft Defender for Office 365: Quarantine – Custom Policy and Folder

Previously, quarantine behavior was configured through each individual filtering policy. To reduce complexity, we’ve moved new and existing quarantine parameters into a standalone Quarantine policy.

(more…)

Microsoft Defender for Office 365: Updates to spam reporting

We’re working on creating consistent reporting experiences for customers, and as a result we’re deprecating the standalone spam detections report. A new Spam detections report view will now be available in the Threat Protection Status report.
More info: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/view-email-security-reports?view=o365-worldwide#threat-protection-status-report

(more…)

Microsoft Defender for Office 365: Localization of end user spam notifications

We’re making it easier to send end user spam notifications to users in multiple languages. Instead of Admins choosing the specific language for quarantine notifications, spam notifications will be sent by default in the language assigned to the user’s mailbox.

(more…)

Microsoft Defender for Identity: Alert exclusion in Microsoft 365 security center

One of the most widely used features relating to alerting in Defender for Identity is being able to tune them and make sure you are only alerted on what should be getting your attention. With the exclusion capability landing in Microsoft 365 security center for Defender for Identity, you can tune the alerts and filter the detections based on entities that matter to you. We are also improving the experience in the allow-list functionality, making sure you can allow entities across all detections as opposed to allowing them per detection.

(more…)

Microsoft Defender for Office 365: Priority account filtering for quarantine

We’re including the priority account tag in the quarantine experience, allowing admins to prioritize their focus on the organization’s most targeted and most visible users.
More info: https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/announcing-priority-account-protection-in-microsoft-defender-for/ba-p/1696385

(more…)

Microsoft Defender for Office 365: Quarantine integration for user and admin submissions

With this change we’re giving admins the ability to allow senders for a specified period of time, right from the quarantine workflow. When releasing emails to end users, admins can now opt to remember this decision by creating an entry in the tenant allow/block list that corresponds to the indicator of compromise aligned with the message in question. Admins can now choose to allow or prevent users from submitting messages to Microsoft for analysis.

(more…)

Microsoft Defender for Office 365: The Attack Simulation Training landing page is now customizable

We’re pleased to announce the availability of a new landing page experience that allows customers to easily tailor the landing page to suit the requirements of their enterprise and include their own branding.
More info: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/the-attack-simulation-training-landing-page-is-now-customizable/ba-p/2777460

(more…)

Microsoft Defender for Office 365: The Attack Simulation Training landing page is now customizable

We’re pleased to announce the availability of a new landing page experience that allows customers to easily tailor the landing page to suit the requirements of their enterprise and include their own branding.
More info: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/the-attack-simulation-training-landing-page-is-now-customizable/ba-p/2777460

(more…)

Microsoft Defender for Office 365: DomainKeys Identified Mail (DKIM) support for Advanced Delivery

We’re adding support for DomainKeys Identified Mail (DKIM) domains to our advanced delivery feature, enabling administrators to use DKIM domains in addition to sending domains to configure their third-party phishing simulations.
More info: https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/mastering-configuration-in-defender-for-office-365-part-two/ba-p/2307134

(more…)


I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.