Exchange Online Protection

43 Topics

General Availability: Purview Customer Key Using Managed HSM
We are excited to announce the general availability of Purview Customer Key using Managed HSM. This new feature enhances your data security by allowing you to manage and control your own encryption keys using Azure Managed HSM. This release is the result of the efforts Microsoft 365 Data-At-Rest Encryption Engineering team. With Customer Key using Managed HSM, you can: Achieve higher security: Managed HSM provides dedicated, FIPS 140-2 Level 3 validated hardware for key protection, offering enhanced security over standard Azure Key Vaults. Ensure compliance: Meet stringent regulatory and compliance requirements with the advanced security features of Managed HSM. Maintain control: Enjoy full control over your encryption keys, including key lifecycle management, within a highly secure, tamper-resistant environment. Enhance performance: Benefit from the high availability and scalability of Managed HSM for critical workloads.   Purview Customer Key now supports three different options for key storage including Standard Azure Key Vault, Premium Azure Key Vault and Managed HSM. For more details about the differences between these options, see How to choose the right key management solution. Start leveraging the enhanced security and compliance benefits of Customer Key using Managed HSM today. For more information, visit Set Up Customer Key or learn more about Azure Key Vault and Managed HSM.   With Gratitude, M365 Data-at-Rest Encryption
ChrisWarren1
Jul 08, 2024 Place Microsoft 365
669Views
3likes
0Comments
URL Detonation Reputation - How do you like it?
I personally have found this detection technology to be a huge pain in the buttocks. To me, this feature doesn't really look at specific threats or risks, it just says "You cannot do anything that involves this domain name". And with that analogy, "involves" translates to any of the following: Domain is in the subject or body One of the included recipient addresses to which the message is addressed uses the domain. One of the recipients who show in the body of the email due to it being a conversation/thread, uses that domain in their address. An attachment includes that domain within its text (PDF, Word, Excel, TXT, all personally observed by me). These things get blocked as "High confidence phish". To me, they are not that whatsoever, until the message itself is doing some of the "phish" verb. This feels like an overstep on the verdict and I'd prefer they come up with a new name for the detection type, as well as a new drop down box for us to choose between MoveToJunk or Quarantine. Most times I've observed this feature "saving" clients, it's a pain in the butt for the client. I will point out the one improvement I've seen since I started belly-aching over this - it is that Microsoft now puts the bad URL/domain from within the attachments, into the list of URLs in the email entity page within M365 Defender portal. So there is at least that there now, which adds the improvement of not having to go through MS Support to find out what is the supposed bad-rep URL. Would like to know if anyone else finds this feature as a pain for the most part, and hear any other suggestions, or just confirmations about my suggestion (new category of detection so we don't have to treat these things like (HC)phish).
Solved
JeremyTBradshaw
Oct 03, 2023 Place Exchange
49KViews
2likes
31Comments
Compliance licenses at tenant level
Hi, We are a small organization of about 200 employees, and we have following requirements. DLP policies configuration at Exchange, OneDrive, SharePoint BYOD security Users should not be able to send files outside the org And so on as we evaluate We already have M365 Business Premium. However, after researching we figured out that M365 Business premium will alone not solve our requirements. May be compliance license will. We want to apply security policies at tenant level in our organization but definitely do not want every user to get licenses as this will be expensive for us and there is no requirement at all for our users. The question is, Is there a way to solve the above scenario?
kdonakanti
Mar 07, 2025 Place Microsoft 365
318Views
1like
3Comments
Meaning of 365 Mail Security's "SFS" Header Field
I've seen quite a few threads in various forums with this question. I'm trying to troubleshoot a message that was quarantined. The provided information doesn't contain any justification for the spam verdict. There is one field that might have an answer, however I can't find any official documentation on it. That's the SFS field. This page: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/message-headers-eop-mdo?view=o365-worldwide contains definitions for all of the header fields *except* the SFS field. The SFS field contains nothing but a long list of numerical codes. I'm inclined to think that these codes represent the reasons a message was marked spam. I saw a request for a list of definitions for the SFS codes in GitHub that was marked "resolved," "merged," and then deleted. That's concerning because the ticket it was merged into had a link to the document, but did not contain the requested information after all. I'm going to just assume it was an oversight on the part of tech working on the documentation: https://webcache.googleusercontent.com/search?q=cache:bMqVZtmJ-eUJ:https://github.com/MicrosoftDocs/microsoft-365-docs/issues/740&hl=en&gl=us Any chance we can get some information on the SFS field in order to properly troubleshoot quarantined messages? It seems pretty important, and really strange that the info is so hard to find.
BochulainCV
Jan 18, 2024 Place Microsoft 365
2.9KViews
1like
2Comments
assessing security restrictions between 'internal' and external access to an ExO mailbox
Do MFA/conditional access security features (plus any other default security protections built into Microsoft 365/Exchange Online) behave different dependent on where a connection is coming from. For example, will the system do the exact same MFA prompts/conditional access checks for an employee ‘in the office’ connecting via outlook from a managed device (InTune), as opposed a connection from a completely external source connecting via a non-managed device (personal smartphone/laptop for example). And if so, how and where specifically can you check the configurations to see the difference in prompts/restrictions between the 2 types of access (internal and external). For example, is it common to relax certain checks/prompts for ‘internal access’, that aren’t relaxed for external connections?
Solved
CRIB111
Dec 08, 2023 Place Microsoft 365
533Views
1like
1Comment
Office 365 ATP in conjunction with a Third Party spam filter
Hi, I'm just after any advice, experience, comments, lessons learned, etc in relation to using Office 365 Advanced Threat Protection to enhance anti-spam capabilities for Exchange Online.....but in a scenario where the anti-spam is being handled by an external service and not EOP. * Should we do this? * Does ATP lose some of it's capabilities when the filtered mail from the external spam filter is treated as clean (SCL -1 or equivalent)? * If there is no sender rewrite by the third party spam filter, does ATP mailbox intelligence or anti-phishing policies even work? * Anything to add would be welcome here really Regards
Solved
bdelamotte83
Jan 23, 2020 Place Exchange
5.9KViews
1like
4Comments