phishing
58 TopicsBuilt-in report button is available in Microsoft Outlook across platforms
Outlook and Defender for Office 365 are excited to announce the release of built-in report button in Microsoft Outlook across platforms (web, new Outlook for Windows, classic Outlook for Windows, Outlook for Mac, Outlook for Android, Outlook for iOS, and Outlook for android Lite) for both personal and commercial accounts. You can find the built-in button across Outlook: Outlook on the web. New Outlook for Windows. Outlook for Mac version 16.89 (24090815) or later. Classic Outlook for Windows version Current channel: Version 16.0.17827.15010 or later. Monthly Enterprise Channel: Version 16.0.18025.20000 or later. Semi-Annual Channel (Preview): Release 2502, build 16.0.18526.20024 Semi-Annual Channel: Release 2502, build 16.0.18526.20024 Outlook for iOS version 4.2508 or later and Outlook for Android version 4.2446 or later. Outlook for Android Lite Benefits the built-in report button provides for security admins It works out of the box with no setup required The reporting experience for end user is the same across consumer and commercial accounts The report button is consistent across Outlook clients The report button is front and center on all clients The report button is present on the grid view, reading panel, preview panel, context menu The report button enables the user to select in bulk and report messages at once You can turn on and off the pre and post reporting popups for users in your organization using user reported settings You can customize the individual pre and post reporting popup by adding text and links in 7 diff languages The report button is present on shared and delegate mailboxes enabling end users to report emails. Now present on outlook for web, new outlook for windows, outlook for mac, outlook for android and outlook for iOS The end user reports made by these clients are routed as per the message reported destination configured in the user reported settings. You can view the user report as soon as they are made on the user reported page If you have configured Microsoft only or Microsoft and my reporting mailbox in the user reported settings, the result from Microsoft analysis are available on the result column You can turn off the built-in report button on user reported settings by Selecting non-Microsoft add-in button and providing the address of the reporting mailbox of the 3 rd party add-in, or Deselecting monitor reported messages in outlook Note: The report phish add-in and the report message add-in does not provide support for shared and delegate mailbox. The report phish add-in, the report message add-in, and the built-in report button all read from the same user reported settings and use the same internal reporting API. In a way there are two different doors (entry point) to the same house (the backend). For the moment, the report message and report phish add-in are in maintenance mode to provide enough time for customers to migrate to the built-in button. To learn more, please check out Transition from Report Message or the Report Phishing add-ins - Microsoft Defender for Office 365 | Microsoft Learn Report phishing and suspicious emails in Outlook for admins - Microsoft Defender for Office 365 | Microsoft Learn User reported settings - Microsoft Defender for Office 365 | Microsoft Learn Protect yourself from phishing - Microsoft Support Report phishing - Microsoft Support How do I report phishing or junk email? - Microsoft SupportNo URL Detection in Emails with Extensive %2580 Encoding
Hi Community, I encountered a concerning issue where emails containing URLs with extensive encoding (%2580) completely bypassed all detection and security mechanisms. These encoded URLs weren’t identified as links, which allowed them to evade security scanning. Issue Details: The email contained malicious URLs encoded with %2580. The URLs were not flagged or identified as links, allowing the payload to bypass filters entirely. Questions: Has anyone else encountered similar issues with encoded URLs bypassing detection? What’s the best process to submit this email to Microsoft for analysis and improvements to detection mechanisms, since no URL's were identified? Looking forward to your input and recommendations. Thanks in advance!194Views0likes4CommentsBuild custom email security reports and dashboards with workbooks in Microsoft Sentinel
Security teams in both small and large organizations track key metrics to make critical security decisions and identify meaningful trends in their organizations. Defender for Office 365 has rich, built-in reporting capabilities that provide insights into your security posture to support these needs. However, sometimes security teams require custom reporting solutions to create dedicated views, combine multiple data sources, and get additional insights to meet their needs. We previously shared an example of how you can leverage Power BI and the Microsoft Defender XDR Advanced Hunting APIs to build a custom dashboard and shared a template that you can customize and extend. In this blog, we will showcase how you can use workbooks in Microsoft Sentinel to build a custom dashboard for Defender for Office 365. We will also share an example workbook that is now available and can be customized based on your organization’s needs. Why use workbooks in Microsoft Sentinel? There are many potential benefits to using workbooks if you already use Microsoft Sentinel and already stream the hunting data tables for Defender for Office 365: You can choose to store data for a longer period of time via configuring longer retention for tables you use for your workbooks. For example you can store Defender for Office 365 EmailEvents table data for 1 year and build visuals over longer period of time. You can customize your visuals easily based on your organization’s needs. You can configure auto-refresh for the workbook to keep the data shown up to date. You can access ready to use workbook templates and customize them if it's needed. Getting started After you connect your data sources to Microsoft Sentinel, you can visualize and monitor the data using workbooks in Microsoft Sentinel. Ensure that Microsoft Defender XDR is installed in your Microsoft Sentinel instance, so you can use Defender for Office 365 data with a few simple steps. Detection and other Defender for Office 365 insights are already available as raw data in the Microsoft Defender XDR advanced hunting tables: EmailEvents - contains information about all emails EmailAttachmentInfo - contains information about attachments in emails EmailUrlInfo - contains information about URLs in emails EmailPostDeliveryEvents – contains information about Zero-hour auto purge (ZAP) or Manual remediation events UrlClickEvents - contains information about Safe Links clicks from email messages, Microsoft Teams, and Office 365 apps in supported desktop, mobile, and web apps. CloudAppEvents – CloudAppEvents can be used to visualize user reported Phish emails and Admin submissions with Defender for Office 365. The Microsoft Defender XDR solution in Microsoft Sentinel provides a connector to stream the above data continuously into Microsoft Sentinel. Microsoft Sentinel then allows you to create custom workbooks across your data or use existing workbook templates available with packaged solutions or as standalone content from the content hub. How to access the workbook template We are excited to share a new workbook template for Defender for Office 365 detection and data visualization, which is available in the Microsoft Sentinel Content hub. The workbook is part of the Microsoft Defender XDR solution. If you are already using our solution, this update is now available for you. If you are installing the Microsoft Defender XDR solution for the first time, this workbook will be available automatically after installation. After the Microsoft Defender XDR solution is installed (or updated to the latest available version), simply navigate to the Workbooks area in Microsoft Sentinel and on the Templates tab select Microsoft Defender for Office 365 Detection and Insights. Using the “View Template” action loads the workbook. What insights are available in the template? The template has the following sections with each section deep diving into various areas of email security, providing details and insights to security team members: Detection overview Email - Malware Detections Email - Phish Detections Email - Spam Detections Email - Business Compromise Detections (BEC) Email - Sender Authentication based Detections URL Detections and Clicks Email - Top Users/Senders Email - Detection Overrides False Negative/Positive Submissions File - Malware Detections (SharePoint, Teams and OneDrive) Post Delivery Detections and Admin Actions Email - Malware Detections Email - Business Compromise Detections (BEC) Email - Sender Authentication based Detections URL Detections and Clicks False Negative/Positive Submissions File - Malware Detections (SharePoint, Teams and OneDrive) Post Delivery Detections and Admin Actions Can I customize the workbook? Yes, absolutely. Based on the email attributes in the Advanced Hunting schema, you can define more functions and visuals as needed. For example, you can use the DetectionMethods field to analyse detections caught by capabilities like Spoof detections, Safe Attachment, and detection for emails containing URLs extracted from QR codes. You can also bring other data sources into Microsoft Sentinel as tables and use them when creating visuals in the workbook. This sample workbook is a powerful showcase for how you can use the Defender for Office 365 raw detection data to visualize email security detection insights directly in Microsoft Sentinel. It enables organizations to easily create customized dashboards that can help them analyse, track their threat landscape, and respond quickly—based on unique requirements. Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum. More information Integrate Microsoft Defender XDR with Microsoft Sentinel. Learn more about Microsoft Sentinel workbooks. Microsoft Defender for Office 365 Detection Details Report – Updated Power BI template for Microsoft Sentinel and Log Analytics Learn more about Microsoft Defender XDR.Intune - Phishing-Resistant MFA
Good Afternoon, So sorry but I'm quite novice. I am trying to merge all Intune users to phishing-resistant MFA (PR-MFA) only (excluding break-the-glass users/admins). On Entra, I do this by disabling Microsoft-Managed MFA and setting a new authentication strength with all three (PR-MFA) modalities selected as the only allowable MFA. Then, I set a conditional access policy to grant all users to access all resources only if they have PR-MFA registered, because I don't want them to use other MFA like SMS. This makes all existing users switch over and disables weaker methods (like text messages), but I can't onboard new users. I reviewed the log for a test user who I could not register, and I saw that the issue is that during registration, the passkey must already exist BEFORE the new user can set up a passkey or other PR-MFA method, which is impossible. Is there a way to let Intune use just the new user's password alone for initial PR-MFA registration?Solved164Views0likes2CommentsAdding Targeted Users/Groups in Attack Simulator
Is there a setting that may have changed recently or needs to be changed that enables filtering by groups when creating a simulation. I am unable to browse our groups in our organization any longer, I can choose from other options like City, Departments, Titles, etc. but the AD groups do not populate any longer in this list when trying to add Target Users. Thank you, Jerid5.8KViews1like4CommentsAnnouncing quarantine release integration in Microsoft Defender for Office 365 hunting experience!!
This feature allows SecOps teams to define and better filter on messages with custom queries and take release action directly from hunting experiences - Threat Explorer, Advanced Hunting, Email summary panel, Email Entity Page, and custom detections!!AIR Result : Email template modification
Hi, I want to change the email language for the Automated investigation and response (AIR) after a phishing report. I found the page where you can set a custom email "Body" and "Footer". This works, but I also need to change the other parts of the email or at least find a way to translate it in french. Right now, there's a mix of english and french (The body and footer I configured) but I need the whole thing to be in french. I would appreciate a hand on this issue. Thank you !! PS : See the screenshot for the part I want to translate.