Event banner
Securing corporate credentials with Enhanced Phishing Protection
Event details
Credential phishing has been increasing at alarming rates in recent years and is the number one security threat facing enterprises, as attackers with corporate credentials can wreak havoc on an organization. In this session, we walk through what Enhanced Phishing Protection is and why it's important, how it fundamentally moves the needle on credential phishing, how to configure it for your environment, and what end users see.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event. |
- Heather_PoulsenCommunity Manager
Here are the resources mentioned and listed at the end of this session:
- Blog post - Protect passwords with enhanced phishing protection
- IT admin information - Enhanced Phishing Protection in Microsoft Defender SmartScreen
- Consumer information - Protect your Microsoft password from being phished
- Policy/CSP information - Policy CSP - WebThreatDefense
- Security toolkit - Windows 11, version 22H2 security baseline
- SmartScreen information - Microsoft Defender SmartScreen overview
- Sinclaire_HamiltonMicrosoftWelcome everyone!! I'm looking forward to this Technical Takeoff Session - I'm here live to answer any questions you may have about Enhanced Phishing Protection.
- MikeBeckerCopper ContributorCan we get all those links at the end there?
- Heather_PoulsenCommunity Manager
- SeMeDeIron ContributorHello everybody, is this feature really win11 only, like I heard from ignite? And is this feature more a (local) defender (AV) feature or is it a Defender MTP feature, because Enhanced Phising Protection was mentioned as "powered by Microsoft Defender SmartScreen"?
- Greg_C_GilbertIron ContributorBased on documentation, it's only W11 22H2. It's not supported on W11 21H1. https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen
- Sinclaire_HamiltonMicrosoftYes, this feature is only available on Windows 11. This feature is baked into Windows 11 22H2 and is powered by SmartScreen, so it's an extension of the SmartScreen feature and no license is needed (except to view alerts in the MDE portal)
- Heather_PoulsenCommunity Manager
Securing corporate credentials with Enhanced Phishing Protection at the Microsoft Technical Takeoff starts soon. Have a question? Post it here in the Comments.
- Heather_PoulsenCommunity Manager
Welcome to Securing corporate credentials with Enhanced Phishing Protection at the Microsoft Technical Takeoff. Let's get started! Have a question? Post it here in the Comments. Sinclaire and fellow subject matter experts will be answering during the session and throughout the week.
- Greg SteinBrass ContributorDoes this only protect the account that was used to logon to the device? Or will it also protect any additional AAD acct used? Use case would be people using separate "secured" accounts to access Intune/Azure portals...
- Sinclaire_HamiltonMicrosoftEnhanced Phishing Protection only protects the AAD, MSA, AD, or local account used to log into the Windows 11 device. It will not protect any additional secondary or associated AAD accounts that are not used to log into the device itself.
- Greg_C_GilbertIron ContributorBased on documentation, it's only W11 22H2. It's not supported on W11 21H1. https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen
- Sinclaire_HamiltonMicrosoftThat's correct, this is only on Win11 22H2.
- El_Duderino1985Copper ContributorI have already asked this question here (https://techcommunity.microsoft.com/t5/windows-it-pro-blog/protect-passwords-with-enhanced-phishing-protection/ba-p/3631881), but since I have not received an answer yet, I would like to try again here: I have just tested the feature, and everything works for me except that the alerts also end up in Microsoft Defender for Endpoint Portal. The test devices are all onboarded in Microsoft Defender for Endpoint Portal and other alerts are also displayed. Only the Enhanced phishing protection alerts are not displayed. Licensing-wise, a M365 E3 with E5 Security Addon is available. What could be the reason for this?
- Sinclaire_HamiltonMicrosoftHi Fabrizio, 1) Are you on Windows 11 22H2? 2) What other alerts can you see in the MDE Security Portal? 3) Have you been able to generate an Enhanced Phishing Protection blocking dialog on any test devices that are onboarded to MDE?
- El_Duderino1985Copper ContributorHi Sinclaire. Thanks for your reply! 1) Yes, Windows 11 22H2 2) I have tested it with a test alert ([Test Alert] Suspicious Powershell commandline) https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/run-detection-test?view=o365-worldwide 3) Yes, all blocking notifications are working! (Notify Malicious, Notify Password Reuse, Notify Unsafe App)
- Kurt_WiseCopper ContributorIs this feature independent of the browser the end user is using? For example, if a user is not using Edge but instead Google Chrome?
- Sinclaire_HamiltonMicrosoftEnhanced Phishing Protection works independent of the browser the end user is using! We work in all apps and sites, including Edge and Google Chrome.