microsoft 365 defender
93 Topics

No URL Detection in Emails with Extensive %2580 Encoding
Hi Community, I encountered a concerning issue where emails containing URLs with extensive encoding (%2580) completely bypassed all detection and security mechanisms. These encoded URLs weren't identified as links, which allowed them to evade security scanning.
Issue Details:
The email contained malicious URLs encoded with %2580.
The URLs were not flagged or identified as links, allowing the payload to bypass filters entirely.
Questions:
Has anyone else encountered similar issues with encoded URLs bypassing detection?
What's the best process to submit this email to Microsoft for analysis and improvements to detection mechanisms, since no URLs were identified?
Looking forward to your input and recommendations. Thanks in advance!
183 Views, 0 likes, 4 Comments

Anti-malware policy doesn't block files
Hello Microsoft Community, We have recently found that the Anti-malware policy doesn't block files that are set to be blocked by the policy. For example, when we send an *.ics file with a cmd/exe/jse/rdp and other files inside of the ics, the email is not blocked and is delivered to users. We did several tests with an external security vendor by sending real malware, ransomware and exploits attached to the ics and all of them passed the filtering system. Is anyone aware of the issue? Doesn't MDO scan nested files?! This has happened with a few tenants. Those tenants have Microsoft E5 licenses.

Setting up Admin Quarantine
Hi, We are looking to set up admin quarantine as per the instructions in here: Protect files with admin quarantine - Microsoft Defender for Cloud Apps | Microsoft Learn
We have followed this step by setting up a location for admin quarantine:
However, when editing the 'Malware Detection' rule in Defender we do not get an option for 'Put in admin quarantine', only 'Put in user quarantine':
Does anyone have any idea how to resolve this? Thank you.

XM/Laroux.CF
Hello Expert, I need your assistance with the XM/Laroux.CF issue. Mails are being quarantined due to XM/Laroux.CF and we have to manually release the mails. Can we make any changes in our O365 Defender anti-malware policy so mails containing XM/Laroux.CF are not quarantined? Thanks in advance

Automating User Tags
When we create a custom user tag we can select a group and have all the users in the group tagged. However if a user is removed or added to that group at a later stage the tag is not removed/added. Is there a way to automate this? Only thing I found is that this was before on the roadmap but seems to have been removed?
https://m365admin.handsontek.net/microsoft-defender-for-office-365-tagging-support-for-groups/
https://learn.microsoft.com/en-us/defender-office-365/user-tags-about
If you assign a group to a user tag, members of the group at the time of tag creation are assigned tag. Users later added to the group aren't automatically assigned the user tag.

Emails being accepted by large organisation
Hi, I have to interact regularly with a large UK public sector organisation. Unfortunately, a number of my emails (and those of my colleagues that have the same domain name) end up in spam folders or spam quarantines and it is very frustrating. I have requested that our email addresses are "whitelisted" but this has been refused on the grounds of security even though there is no history of the domain being used insecurely. I am told it is because of the "hopping" of my emails. My emails have the SPF on them. I have also never received a blocked senders notice from Microsoft. Is there anything that can be done?

MS 365 Defender - What permissions are needed to move and delete emails in Explorer?
I need a tech with limited permissions to be able to Remediate malicious email delivered in Office 365. These are the options I have in Admin. I tried a bunch of recommended actions, yet I don't seem to have the correct Admin portals as shown here. For example, I don't have MS 365 Defender Permissions Group shown in the video:
1.2K Views, 0 likes, 4 Comments

What steps can I take, given Microsoft Defender's report?
In September I posted a question in this forum, "I'm not sure what to do with the data breaches Microsoft Defender reports". I've proceeded to use the "Take Action" button. After clicking on that button Microsoft Defender took me to its report on what it found. It listed a website I've never heard of before. I use a password manager, so I double checked there. I don't have an account on that website. The information it has there is about half correct, a quarter of the information is wrong, and the rest is out of date by 10+ years. There were a few other websites that it reported on. Some I can manage, as Microsoft Defender gave me enough information about them. Others are not helpful, as Defender just says, "From an unknown source", then the rest of the information isn't helpful at all. Anyway, my concern is that this information is out there especially with the first reported incident, and I don't see how I can stop this spurious website from displaying it. And I certainly have no idea how it got it in the first place. So, what can I do about some website that got this information from somewhere and displays it for whoever to see it?
239 Views, 0 likes, 0 Comments

Microsoft Defender for Office 365 Implementation
Hello. I would like to discuss and get a few pieces of information, as mentioned below:
1) Which plan of Defender for Office 365 is included in Microsoft 365 Business Basics?
2) Can I buy only Microsoft Defender for Office 365 licenses? Which plan will be included in that license?
3) If only a Defender for Office 365 license is bought, then will this license only provide protection to the user that has the license assigned or the whole organization?
4) Are there any steps that I can follow to configure/implement Microsoft Defender for Office 365?
5) What are the features of Microsoft Defender for Office 365 (Plan 1 and Plan 2)?
Thank you for your attention.

I'm not sure what to do with the data breaches Microsoft Defender reports
First of all, I realize that this forum may not be the right place for me to post any question about Microsoft Defender. If this is the wrong place, I apologize and please direct me to the correct place. I have a Microsoft 365 for Family license, so I thought this forum might be the correct place for me to post a question about Microsoft Defender. When I logged into my Windows profile on my Windows 11 desktop, I was presented with a popup from Microsoft Defender. It asked me to fill out some additional information, which I did. At the end of that process, it told me that I was listed in some data breaches, that it found on "the dark web". But many of them (there aren't a lot of them) have unhelpful information. For example, one reads: "Compromised info found on Aug 19, 2022 From an unknown source" Then it lists my email address and a glyph for an email password. But the bottom line is I don't know what to do with this. There's a button that's labeled, "Take action", but I'm not comfortable clicking on a button when it appears to me like Microsoft Defender hasn't a clue as to what to do about it. So, what should I do with this ambivalent information?