Blog Post

Microsoft Defender for Office 365 Blog
6 MIN READ

Mastering Configuration in Defender for Office 365 - Part Two

Sundeep_Saini's avatar
Sundeep_Saini
Icon for Microsoft rankMicrosoft
Apr 29, 2021
This blog is part two of a three-part series detailing the journey we’re on to simplify the configuration of threat protection capabilities in Office 365 to enable best-in class protection for our cu...
Updated Aug 04, 2022
Version 7.0
awareness & training
configuration
Mastering Configuration
prevention
Secure Posture
Sundeep_Saini's avatar
Sundeep_Saini
Icon for Microsoft rankMicrosoft
Aug 03, 2021

Edit: 9/10/21. To clarify, partner outreach to several major phishing simulation vendors was completed (not all). We will continue to evaluate solution and are open to engaging with phishing simulation vendors on their phishing simulation solution and how to best configure with Defender for Office for their customers.

-----------

Hello TreyContello -- Yes, Microsoft has worked with vendors across the industry in preparation for the release of Advanced Delivery. We provided pre-release documentation to all several major phishing simulation vendors and we invited them to meet with us and provide feedback. This allowed for design feedback as well as provided the phishing simulation vendors with time to plan for the change as well as update documentation/communication to their respective customers.

As noted in a couple of the above comments, we are adding one additional secure option for phishing simulation vendors - the ability to specify a DKIM domain. This is targeted to roll out in September (Please see M365 Roadmap item: Feature ID 82083).

 

For example, if specifying 10 sending domains doesn’t meet a phishing simulation vendor's needs, they could instead sign all of their messages with a particular phishing simulation vendor DKIM domain. The security admin (end user customer) would then have the option to enter either sending domain or phish sim vendor's DKIM domain via the new advanced delivery policy based on the phishing simulation vendor's guidance. The DKIM domain creates another secure option giving customers the flexibility to utilize sending domains and/or DKIM domains. In order for this option to work, the phishing simulation vendor will need to implement DKIM domain in their phishing simulation offerings to customers.

 

Adding Jenelle Sujat Km_MSN for questions along similar thread -- Confirming that advanced delivery requires a message match on at least 1 sending domain and at least sending IP and that each field has a limit of 10 entries. Several design options were vetted before landing on this solution. The DKIM domain option mentioned above is another option for phishing simulation vendors that will release in September.