Secure by default is Retiring the Move message to Junk Email folder policy option for high confidence phishing emails
We are retiring the Move message to Junk Email folder policy option for high confidence phishing emails in Exchange Online Protection (EOP) anti-spam policies. Existing policies that rely on the Move message to Junk Email folder option will automatically switch to the Quarantine message option. The Redirect message to email address option is unchanged.
If you are not using the Move message to Junk Email folder option for high confidence phishing emails, there is no impact for your organization.
- Timing: beginning of March 2021 through mid-March 2021
- Roll-out: tenant level
- Action: review and assess
How this affects your organization
Given the phishing threat landscape today, we will begin treating high confidence phishing email on par with malware, which immediately moves into quarantine.
Based on our analysis, we have determined that the probability of an end user clicking on a link in a high confidence phishing email is 30 times greater when the email is in the Junk folder than when it is in quarantine. End users cannot take actions on email in Quarantine.
Secure by default is a term used to define default settings that are the most secure as possible. It is how our filtering works out-of-the-box to keep potentially dangerous or unwanted messages out of tenant mailboxes.
What you need to do to prepare
If you are using the Move message to Junk Email folder option for high confidence phishing emails, we will automatically update that policy to Quarantine message.
In the event of a rare false positive, your end users will need to visit the quarantined email and request its release.
You might want to notify your users about this new capability and update your training and documentation as appropriate.
- Find and release quarantined messages as a user in EOP
- How EOP works
- Manage quarantined messages and files as an admin in EOP
- Secure by default in Office 365
Message ID: MC237394