Microsoft is planning to provide more info on spam emails detected as malicious by the Office 365 Advanced Threat Protection (ATP) filtering stack and allow organizations to export their list of the top targeted users by phishing attacks.
Additional improvements to the Office 365 ATP Threat Explorer will make it easier for customers to gain access to extra details on post-delivery actions following Manual Remediation or Exchange Online zero-hour auto-purge (ZAP).
Rolling out in Q3 2020
Microsoft mentions the "addition of spam verdict within Threat Explorer, so that going forward you will be able to identify if a particular email was Malware, Phish or Spam," and the introduction of "Threat Type Filter for All Email View, so that you can directly go to All-Email view and filter out the malicious emails."
"Showing Threats in URLs to identify the verdict associated with a URL (Malware, Phish, Spam or None)" and "Additional Actions to identify the post-delivery actions like ZAP or Manual Remediation which were applied to an email," will also be available through the Threat Explorer interface for easier threat hunting.
Last, but not least, in a separate Microsoft 365 roadmap entry, Redmond also says that Office 365 ATP will make it possible to "export the list of Top Targeted Users across each view for offline analysis."
Microsoft wants to roll out these Office 365 enhancements during Q3 2020 and to make them generally available for all customers with an Advanced Threat Protection plan in standard multi-tenant Office 365 environments.
Incoming Office 365 enhancements
Office 365 ATP users will also get more info on the route incoming emails take through the filtering stack before reaching their mailbox and the effectiveness of any security configuration changes, as well as extra details on malware samples and malicious URLs detected following detonation.
Starting with the fourth quarter of 2020, Office 365 will try to stop enterprise data theft via email forwarding by disabling email forwarding to external recipients by default for all customers.
The company also plans to add automated malicious content blocking in Office 365 during Q3 2020 regardless of admin or user custom configurations unless they're manually overridden.