Forum Discussion
How Microsoft thwarts phishing attacks with Office 365
A few updates that might be of interest including the risk of ransomware infecting Office 365 mailboxes and the corresponding mitigation.
Ransomware is a well-known threat that usually comes in via phishing links or via email attachments. Taking this to the next level, there is a risk of Office 365 mailboxes being encrypted and held for ransom. Other cloud services may also be affected.
This was shown a couple of days ago on an Office 365 mailbox; while it was simulated, it's still alarming and well worth reviewing.
Here is a video, https://youtu.be/VX59Gf-Twwo, which shows a link in a phishing email being clicked and the user agreeing to grant rights, then all emails being encrypted, and finally the ransom being paid and all emails restored.
It's possible to mitigate this threat, but it does have implications, as it requires turning Integrated Apps off on a tenant per https://support.office.com/en-us/article/turning-integrated-apps-on-or-off-7e453a40-66df-44ab-92a1-96786cb7fb34 (this setting is on by default).
Obviously, review the impact before changing this setting. Coaching/training staff in how to spot phishing emails, and not to act when they are instructed to carry out actions like clicking links etc., is crucial. Make sure staff know about Safety tips and how to take them into account - https://support.office.com/en-us/article/Safety-tips-in-email-messages-in-Office-365-fb4f8e49-0468-4be2-8fa6-99501f1ad9d5.
Also, it's important that when harmful spam/phishing does get through, it is reported properly; here are some instructions on how to do this - https://blogs.msdn.microsoft.com/tzink/2017/11/30/when-creating-support-tickets-about-spam-be-sure-to-include-message-headers/.
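As an added example (not from the original post or from Microsoft), here is a small Python helper that pulls the headers worth attaching to such a report out of a saved .eml file and summarises the SPF/DKIM/DMARC verdicts; the sample message, its addresses and header values are constructed for illustration.

```python
"""Collect the Office 365 message headers a spam/phishing support ticket needs."""
import email
import re
from email import policy

# Headers that let the Exchange Online Protection team trace a message and its verdict.
REPORT_HEADERS = (
    "Message-ID", "Date", "From", "To", "Subject", "Return-Path",
    "Authentication-Results", "Received-SPF",
    "X-MS-Exchange-Organization-SCL", "X-Forefront-Antispam-Report",
    "X-Microsoft-Antispam",
)

# Constructed sample: a consent-phishing message as it might land in a mailbox.
SAMPLE_EML = """\
Received: from mail.example.net (10.0.0.5) by outlook.office365.com
Received: from relay.example (192.0.2.10) by mail.example.net
Authentication-Results: spf=fail (sender IP is 192.0.2.10) smtp.mailfrom=example.com; dkim=none; dmarc=fail action=none header.from=example.com
X-MS-Exchange-Organization-SCL: 5
X-Forefront-Antispam-Report: CIP:192.0.2.10;CTRY:XX;IPV:NLI;SFV:SPM;SCL:5
Message-ID: <constructed-0001@example.com>
From: "IT Helpdesk" <helpdesk@example.com>
To: user@example.com
Subject: Action required: grant the new mail app access
Content-Type: text/plain

Please click the link and accept the permissions prompt.
"""

def parse_message(raw: str):
    """Parse a raw RFC 5322 message (e.g. the contents of a saved .eml file)."""
    return email.message_from_string(raw, policy=policy.default)

def ticket_headers(msg) -> dict:
    """Return {name: [values]} for the report headers present; multi-valued headers kept."""
    out = {name: [str(v) for v in msg.get_all(name)] for name in REPORT_HEADERS if msg.get_all(name)}
    # Full Received chain, top of the list is the last hop (the tenant's own MX).
    out["Received"] = [str(v) for v in msg.get_all("Received", [])]
    return out

def auth_verdicts(msg) -> dict:
    """Extract spf/dkim/dmarc results from all Authentication-Results headers."""
    text = " ".join(str(v) for v in msg.get_all("Authentication-Results", []))
    return {k.lower(): v.lower() for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", text, re.I)}

def spam_confidence(msg) -> int:
    """Spam Confidence Level assigned by EOP, or -1 if the header is missing."""
    scl = msg.get("X-MS-Exchange-Organization-SCL")
    return int(str(scl)) if scl is not None else -1

if __name__ == "__main__":
    m = parse_message(SAMPLE_EML)
    print(ticket_headers(m), auth_verdicts(m), spam_confidence(m))
```

To use it on a real report, read the saved .eml into a string in place of SAMPLE_EML and paste the returned headers into the ticket.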