Microsoft upgraded their EOP anti-spoofing capabilities inside Office 365, which is good, but they didn’t tell anyone. The first users knew was when they started to receive messages stamped with “the sender failed our fraud detection checks” – something that is never assuring. This only applies to ATP customers, but it’s not the first time Microsoft has failed to communicate important news.
Exchange Online Protection now highlights unauthenticated users – or messages that come from people who cannot prove their identity. Instead of a nice picture (or avatar), you see a question mark for the user. Maybe this might make people think twice about the opportunity to send money to someone to liberate funds held in a bank. Just maybe.
Microsoft has released the Report Message add-in for Outlook 2016 to help Office 365 users report when spam arrives into Inboxes or messages are incorrectly treated as Junk. It’s a good way to get information about new threats to Microsoft security researchers.
Microsoft introduced the Safe Attachments feature as part of its Advanced Threat Protection (ATP) offering in 2015. ATP is an option for Exchange Online Protection (EOP). It is included in the Office 365 E5 plan and can be licensed as an add-on for $2/user per month for other Office 365 plans. Now Safe Attachments can handle dynamic delivery and the improvement is noticeable.
It’s impossible for an email hygiene service like Exchange Online Protection (EOP) to suppress every possible piece of malware that attempts to penetrate Office 365. Even the broad array of anti-malware techniques will let some small percentage of spam through. Email administrators need to be on guard all the time.
Microsoft is introducing safety tips to Office 365 to highlight bad or suspicious email that might tempt users to do things that they shouldn’t. The initiative is good and valuable, but it rather loses some of its gloss because not all safety tips are exposed in Outlook. However, Microsoft is making sure that mobile and other clients see safety tips, even if not in the same interactive manner as is possible with OWA.