Microsoft Defender for Office 365: Handling Malicious Intra-Organizational Messages

Originally posted by Microsoft Jun 9, 2023 Uncategorized 0 Comments

We are updating the handling of intra-organizational messages that contain a malicious URL in Microsoft Defender for Office 365.

When this will happen:

Rollout will begin in early June and is expected to be complete by mid-June.

How this will affect your organization:

Admins will have at least 30 days to opt out of how intra-organizational malicious messages are handled within the anti-spam policy. Admins will also have the opportunity to define handle intra-organizational messages containing malicious or spam-based URLs are handled in their tenant.

Once this rollout is completed, Admins will be able to define how they want to handle malicious or spam-based URLs detected in intra-organizational messages. The initial default behavior will be to take no action on these messages, but the detection will be recorded as it is today. After the opt-out period no less than 30 days, the default behavior will be to quarantine messages that contain high confidence phishing URLs.

If you want to opt-out or opt-in early you can adjust your preferences within the anti-spam policy, more information can be found in Configure spam filter policies. If you do nothing, the policy will default to act on messages containing high confidence phishing URLs once the opt out period ends.

What you need to do to prepare:

You don’t need to do anything, however, if you don’t want to act on intra-organizational messages, you can opt-out by changing the Anti-spam setting to NONE or you can opt-in to the change by changing the value to something other than DEFAULT/NONE.

Message ID: MC577356