Using Priority Accounts in Microsoft 365
Published Nov 18 2020 01:18 PM 45.6K Views
Microsoft

Many organizations have people that are considered priority accounts for IT, such as executives, leaders, managers, and others. To help IT ensure a high quality of service and protection for these people, we have introduced capabilities in Microsoft 365 that enable an admin to tag specific users as priority accounts and then leverage app-specific features designed for them. To start with, we’ve announced two capabilities: priority account protection and premium mail flow monitoring.

 

  • Priority account protection                 These users are common targets of phishing campaigns and other cyber-attacks because they often deal with sensitive or secret information and have the added advantage (from an attacker’s point of view) of being extremely visible and researchable. Some users can also have access to critical tools and information, making them targets, as well. Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection) supports priority accounts as system tags that can be used in filters in alerts, reports, and investigations. Priority account protection can be configured using the Security & Compliance Center.
  • Premium mail flow monitoring         Healthy mail flow can be critical to business success, and delivery delays or failures can have a negative impact on the business. You can monitor mail flow for priority accounts and choose a threshold for failed or delayed emails, receive alerts when that threshold is exceeded, and view a report of email issues for priority accounts. Premium mail flow monitoring can be configured using the modern Exchange admin center.

 

Let’s have a closer look at the app-specific features for priority accounts.

 

Priority account protection

In response to the reality of an increasingly sophisticated and targeted threat landscape, organizations need differentiated protection for their most visible and targeted employees. These accounts require more protection and attention from security teams. Monitoring these priority accounts closely can yield early warning and important threat intelligence signals that help protect the organization. With the public preview of priority account protection in Defender for Office 365, security teams can now provide extra protection for these accounts, as described here.

 

PA2.png

 

Priority accounts are treated as a tag that can be used in filters in alerts, reports, and investigations in Defender for Office 365, as shown below.

 

PA3.png

Over the next few months, priority account protection in Defender for Office 365 will be expanded. It will be integrated with the quarantine experience, and any email targeted at a priority account will be tagged as such. It will also be easy to filter the view to see only malicious emails targeted at priority accounts. Priority accounts will also be integrated with Submission explorer; submissions from any priority account will be tagged and filterable, allowing security teams to focus first on these submissions over others.

 

You can learn more about priority account protection in Defender for Office 365 in this Ignite on-demand session.

 

Requirements for priority account protection in Defender for Office 365

Priority account protection is available in Defender for Office 365 Plan 2, including those with Office 365 E5, Microsoft 365 E5, or Microsoft 365 E5 Security.

 

Premium mail flow monitoring

Exchange Online provides premium mail flow monitoring for priority accounts. For this scenario, you can use the Microsoft 365 admin center or the modern Exchange admin center to tag a user as a priority accounts.

 

PA1.png

After adding users to the priority accounts list, you can use the Exchange admin center to monitor mail flow for them You can choose a threshold for failed or delayed emails, receive alerts when that threshold is exceeded, and view a report of email issues for priority accounts. The report allows admins to view failed events from the last 15 minutes and delayed email messages from last 6 hours that were sent to or from priority accounts (note, if no issues are found, the report will be empty).

 

Requirements for premium mail flow monitoring

Premium mail flow monitoring requires Office 365 E3, Microsoft 365 E3, Office 365 E5, or Microsoft 365 E5, along with at least 10,000 licenses and at least 50 monthly active Exchange Online users.

 

Availability of priority accounts

Priority accounts are available to all Microsoft 365 customers. A priority account is a property setting on a user account, and you can see and modify the priority accounts list using PowerShell.

 

Scenario

PowerShell command

View list of priority accounts

get-user -IsVIP | select Identity

Add user to list of priority accounts

set-user -VIP:$true -Identity <Identity>

Remove user from list of priority accounts

set-user -VIP:$false -Identity <Identity>

 

You can use priority accounts only if your organization meets the app-specific requirements. If your organization meets the requirements for using priority account protection or premium mail flow monitoring, then you will see the above experiences in the admin centers. If your organization does not meet either of these requirements, you won’t see these experiences in the admin centers. In the future, more apps and services will support priority accounts, and new experiences and requirements will emerge.

 

As always, we welcome your feedback. Let us know if you have any scenarios you’d like to see us support for priority accounts.

11 Comments
Version history
Last update:
‎May 06 2021 11:45 AM
Updated by: