Emails being accepted by large organisation
Hi I have to interact regularly with alarge UK public sector organisation. Unfortunatley, a number of my emails (and those of my colleagues that have the same domain name) end up in spam folders or spam quarantines and it is very frustrating. I have requested that our email addresses are "whitelisted" but this has been refused on the grounds of security even though there is no history of the domain being used insecurely. I am told it is because of the "hopping" of my emails . My emails have the spf on them. I have also never received a blocked senders notice from Microsoft. Is there anything that can be done?Learn more about Microsoft Security Communities.
In the last five years, Microsoft has increased the emphasis on community programs – specifically within the security, compliance, and management space. These communities fall into two categories: Public and Private (or NDA only). In this blog, we will share a breakdown of each community and how to join.
Create targeted attack simulation training campaigns with dynamic groups
When it comes to email security, even the most reliable employees can sometimes be unpredictable. Our days are filled with clicks, taps, likes, swipes, pings, texts, and more, leaving us open to acting fast without always being thorough and cautious. That’s why simulation training should be a key component in every organization’s email security strategy. It plays a critical role in educating and empowering employees to recognize common phishing and social engineering tactics, adopt a security first culture, and protect their organizations from associated security risks. Attack simulation training is an intelligent phish risk reduction tool that measures behavior change and automates deployment of an integrated security awareness training program across an organization. We’re excited to announce dynamic targeting for Attack simulation training in Defender for Office 365. You can now use theMicrosoft 365 group – dynamic membership typecreated in Microsoft Entra admin center to define the recipients of your simulations and training campaigns. It provides a more efficient and effective way to manage target users for simulations and trainings, allowing you to assign foundational security training to new hires, send simulation campaigns to users in departments or locations with high turnover, and more such use cases—without having to manually manage groups. With this, the list of supported group types in Attack simulation training are as follows: Microsoft 365 group (both static and dynamic) Distribution group (static only) Mail-enabled security group (static only) What are dynamic groups? Dynamic group membership is defined by one or more rules that check for certain attributes in user accounts. These groups are automatically updated as user attributes change, ensuring that the group membership is always up to date. This is particularly useful for large organizations where manually managing group memberships can be time-consuming and error prone. Use the Microsoft 365 group dynamic membership type in Microsoft Entra ID to tailor your simulation and training campaigns to specific user groups, making the training more relevant and effective. Some use cases of dynamic groups in Attack simulation training: Target users more effectively based on specific criteria such as department, role, or location. Example: For sending a simulation email to users in Sales or Marketing departments, the dynamic membership rule can be written as: (user.department -eq "Sales") -or (user.department -eq "Marketing") Target users based on different hiring timeframes using the attribute "employee hire date". A few examples are shared below: To send a simulation email or a training campaign to those hired after a particular date, such as June 30, 2024, the dynamic membership rule can be written as: (user.employeeHireDate -ge 2024-06-30) To automate simulation emails for users who will be hired within the next 30 days, the dynamic membership rule can be written as: (user.employeeHireDate -le system.now -plus P30D) -and (user.employeeHireDate -ge system.now) How to create and use dynamic groups in simulations: To create and use dynamic groups, follow these steps: Sign in to Azure Portal as at least a Groups Administrator and select Microsoft Entra ID, followed by Groups. Create a new group and choose Microsoft 365 as the group type. Enter a name, email address, and description for the group. Select Dynamic user as the membership type and select Add dynamic query. Define the rules for the dynamic query based on the user properties that you want to use. You can add multiple rules and combine them with AND/OR operators. Validate the rule. Select Save and then select Create. Go to the Defender portal and select Attack simulation training. Select the Simulations tab and create a new simulation or edit/copy an existing one. On the Target users page, select Add users and search and select the dynamic group that you created and select Add user(s). Complete rest of the simulation settings and Create or Save the simulation. How to use dynamic groups in training campaigns: Repeat steps 1-5 shared above. Select the Training campaign tab and create a new campaign. On the Target users page, select Add users and search and select the dynamic group that you created and select Add user(s). Complete the rest of the campaign settings and Create or Save the campaign. How to use dynamic groups in simulation automations: Repeat steps 1-5 shared above. Select the Simulation Automations tab and create a new automation. On the Target users page, select Add users and search and select the dynamic group that you created and select Add user(s). Complete the rest of the automation settings and Create or Save the automation. Note for automated simulations: If a user is removed from a dynamic group after taking part in a simulation, this user will still appear in simulation reports and continue with assigned trainings. If a user is added to a dynamic group after the last simulation in an automation has run, the user won’t be simulated because this automation is considered complete. At the start of an automation, users are divided across different simulations. If new users are added after some simulations have run, these users will be distributed across the remaining simulations. More information: Learn more about the differenttypes of Microsoft 365 groups Create or edit a dynamic group Manage rules for dynamic groups Learn about nested group properties in dynamic groups Modify groups based on your requirements.
Automating User Tags
When we create a custom user tag we can select a group and have all the users in the group tagged. However if a user is removed or added to that group at a later stage the tag is not removed/added. Is there a way to automate this? Only thing I found is that this was before on the roadmap but seems to have been removed? https://m365admin.handsontek.net/microsoft-defender-for-office-365-tagging-support-for-groups/ https://learn.microsoft.com/en-us/defender-office-365/user-tags-about If you assign a group to a user tag, members of the group at the time of tag creation are assigned tag. Users later added to the group aren't automatically assigned the user tag.
MS 365 Defender - What permissions are needed to move and delete emails in Explorer?
I need a tech with limited permissions to be able to Remediate malicious email delivered in Office 365 These are the options I have in Admin. I tried a bunch of recommended actions, yet I don't seem to have the correct Admin portals as shown here. For example, I don't have MS 365 Defender Permissions Group shown in the video:
