Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Malicious Emails from old employee

Copper Contributor

Hi All,

 

I have a challenge with regards to a large number of executives and users within a specific region being targeted with treat emails from an ex-employee. The ex-employee is using multiple email addresses from public email providers to send treat emails to internal recipients within the region and to certain executive management employees. Is there any way I can stop this using Microsoft Defender???

 

We do not have the possibility to block the users ip address range as this will block all emails from EG: Gmail.com/ outlook.com etc???

 

Any advice would be much appreciated.

1 Reply
If you mean threats then those might be actionable through local law enforcement or private legal action. If the ex-employee is rotating through many freemail addresses then you would need to show a pattern and provide convincing reasoning as to why you suspect a particular person.

If the threat content is repetitive then you might have to resort to content detection where certain phrases match a pattern that triggers a mail flow rule. If you know that only certain freemail sending addresses are likely to be used then you can include those as a factor in the rule.