Microsoft is adding support for allowing emails containing malicious URLs or attachments to reach the mailboxes of end-users to make it easier to run phishing training sessions or simulations.
This will be done via a self-remediation portal by enabling Office 365 security administrators to choose items that could contain threats and to allow them to reach the recipients' inboxes after passing through all layers of the Office 365 Exchange Online Protection (EOP) filtering stack.
EOP is a cloud-based filtering service that scans for and blocks spam and emails containing malicious attachments from ending up in Exchange Online mailboxes.
Dedicated Allow/Block list portal
"We understand that from time to time, customers may want to ensure delivery of certain messages containing malicious content for specific reasons, such as phishing simulations and training," the company explains on the feature's roadmap page.
To help customers get around having their phishing simulation emails getting blocked, Microsoft's new portal gives admins the possibility to explicitly allow or block certain attachments and URLs in their Office 365 tenants through the new Tenant Allow/Block list portal.
Office 365 ATP also provides users with an Attack Simulator tool allowing global or security admins to run spear phishing, password spray, and brute force (dictionary) attacks within their organizations
Microsoft wants to roll out the Tenant Allow/Block list portal during Q3 2020 and to make it generally available to all customers with an Advanced Threat Protection plan in all Office 365 environments.
More Office 365 ATP enhancements in Q3 2020
Also during Q3 2020, Redmond wants to put a stop to enterprise data theft by disabling Office 365's email forwarding to external recipients by default, as well as to make it possible to enable the feature for select users within tenants.
Automated malicious content blocking will be available to all paying Office 365, regardless of admin or user custom configurations.
Once enabled, Office 365 will honor EOP/ATP malware analysis (detonation) verdicts to automatically block malicious files and URLs.
Office 365 ATP will also provide more info on malware samples and malicious URLs discovered during detonation, and will be able to export a list of the top targeted users by phishing attacks.
Last but not least, Office 365 ATP users will get more info on the route incoming emails take through the filtering stack before reaching their inbox and the effectiveness of any security configuration changes.
Source: paper.li