Many organizations have people that are considered priority accounts for IT, such as executives, leaders, managers, and others. To help IT ensure a high quality of service and protection for these people, we have introduced capabilities in Microsoft 365 that enable an admin to tag specific users as priority accounts and then leverage app-specific features designed for them. To start with, we’ve announced two capabilities: priority account protection and premium mail flow monitoring.
Let’s have a closer look at the app-specific features for priority accounts.
In response to the reality of an increasingly sophisticated and targeted threat landscape, organizations need differentiated protection for their most visible and targeted employees. These accounts require more protection and attention from security teams. Monitoring these priority accounts closely can yield early warning and important threat intelligence signals that help protect the organization. With the public preview of priority account protection in Defender for Office 365, security teams can now provide extra protection for these accounts, as described here.
Priority accounts are treated as a tag that can be used in filters in alerts, reports, and investigations in Defender for Office 365, as shown below.
Over the next few months, priority account protection in Defender for Office 365 will be expanded. It will be integrated with the quarantine experience, and any email targeted at a priority account will be tagged as such. It will also be easy to filter the view to see only malicious emails targeted at priority accounts. Priority accounts will also be integrated with Submission explorer; submissions from any priority account will be tagged and filterable, allowing security teams to focus first on these submissions over others.
You can learn more about priority account protection in Defender for Office 365 in this Ignite on-demand session.
Priority account protection is available in Defender for Office 365 Plan 2, including those with Office 365 E5, Microsoft 365 E5, or Microsoft 365 E5 Security.
Exchange Online provides premium mail flow monitoring for priority accounts. For this scenario, you can use the Microsoft 365 admin center or the modern Exchange admin center to tag a user as a priority accounts.
After adding users to the priority accounts list, you can use the Exchange admin center to monitor mail flow for them You can choose a threshold for failed or delayed emails, receive alerts when that threshold is exceeded, and view a report of email issues for priority accounts. The report allows admins to view failed events from the last 15 minutes and delayed email messages from last 6 hours that were sent to or from priority accounts (note, if no issues are found, the report will be empty).
Premium mail flow monitoring requires Office 365 E3, Microsoft 365 E3, Office 365 E5, or Microsoft 365 E5, along with at least 10,000 licenses and at least 50 monthly active Exchange Online users.
Priority accounts are available to all Microsoft 365 customers. A priority account is a property setting on a user account, and you can see and modify the priority accounts list using PowerShell.
Scenario |
PowerShell command |
View list of priority accounts |
|
Add user to list of priority accounts |
|
Remove user from list of priority accounts |
|
You can use priority accounts only if your organization meets the app-specific requirements. If your organization meets the requirements for using priority account protection or premium mail flow monitoring, then you will see the above experiences in the admin centers. If your organization does not meet either of these requirements, you won’t see these experiences in the admin centers. In the future, more apps and services will support priority accounts, and new experiences and requirements will emerge.
As always, we welcome your feedback. Let us know if you have any scenarios you’d like to see us support for priority accounts.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.