Microsoft Detection and Response Team (DART) AMA
Event Ended
Tuesday, Mar 15, 2022, 09:00 AM PDT
We are very excited to announce our Microsoft Detection and Response Team (DART) AMA!
About DART: Our job is to respond to compromises and help our customers become cyber-resilient. This is al...
Trevor_Rusher
Updated Feb 16, 2022
ExMSW4319
Mar 15, 2022
Iron Contributor
ExMSW4319, MDO operator from Europe. I'd like to thank DART for helping keep MDO detection fresh.
Naturally I also have a question. What can be done to improve the speed at which Microsoft reacts to a breached O365 customer? It seems that all we can do is use the usual tools to alert MS that a tenancy clearly has a problem, and hope that the report is detected as a report of a breached tenancy and not just another source of malware phishing. On some days the most malign host attacking my mailboxes is prod.outlook.com. Yes, I realise that is because edge filtering is blocking all of the real rubbish...
- LGP124 Mar 15, 2022
Microsoft
Hi Nathan, could you please clarify your question here: "What can be done to improve the speed at which Microsoft reacts to a breached O365 Customer?" Are you referring specifically to DART or Microsoft in general?
- ExMSW4319 Mar 15, 2022
Iron Contributor
I am assuming that DART considers malware posted via O365 to be as high a priority as that posted via any other source, but it comes with the additional complication that Microsoft itself is the disseminating organisation. I would therefore expect it to instead be something of a commercial priority. How, therefore, do I alert Microsoft that one of its own customers is projecting a file or URL that none of the other security authorities we work with has yet recognised as malign? It seems that all I have is Outlook Report Message or the WDSI portal.
- eolson Mar 15, 2022
Microsoft
Using Outlook Report Message will still be your best bet next to the WDSI portal. If you submit via the WDSI portal, you have the option of submitting as a home customer, enterprise customer or software developer. If you are a Microsoft customer, I would recommend opening a case because that will get you the quickest response or identifying yourself as an enterprise customer during the WDSI submission process.