Posey's Tips & Tricks

Microsoft Improves Office 365 Protection Against Phishing Attacks (for Some)

While the new capabilities to protect Office 365 users from malicious e-mails are welcome, they're only available for those who are paying for the more expensive subscription model.

• By Brien Posey
• 02/21/2017

Back in the '90s when Internet access first went mainstream, e-mail phishing attempts were somewhat laughable. I can't think of a single person who fell for the infamous Nigerian Prince scam. Today, the Nigerian Prince scam is still around, but phishing attempts have largely gotten more sophisticated. Sure, many e-mail scams are very easy to spot, but there are also those scams that are well designed and difficult to differentiate from legitimate messages.

Recently, Microsoft has taken a huge step in the right direction by adding Office 365 functionality that is designed to help Office 365 users mitigate malicious links within e-mail messages and avoid malicious attachments. There is just one problem with this added functionality: unless you happen to work for a huge corporation, you probably don't have access to it.

The new protective features, which I will tell you about in a moment, have been incorporated into Microsoft's Advanced Threat Protection feature. Now, in all fairness, these new capabilities are really enhancements to previously existing features within Advanced Threat Protection, so I can understand why Microsoft chose to expose the new security features in the way that they did.

The problem is that Microsoft only offers Advanced Threat Protection as a part of its Office 365 Enterprise E5 plan. In case you are wondering, this plan is 75 percent more expensive than the Office 365 Enterprise E3 plan, which is one step below the E5 plan.

I have been writing about Microsoft products for what seems like an eternity. In fact, I was once the editor in chief of The Cobb Group's Windows 3.1 journal.  That's how long I have been writing about Windows and all things Microsoft. In that time, I have seen Microsoft do a lot of really great things, as well as some things that weren't so good. Regardless, I have always held Microsoft in high regard for their efforts to keep their customers safe and secure. I will be the first to admit that Microsoft's security efforts have not always worked as intended, but the effort has always been there.

I think that Microsoft has done its customers a major disservice by providing the new message protection capabilities only to those who purchase the most expensive Office 365 subscription plan. The new protective capabilities that Microsoft has introduced should be included in all Office 365 plans as a basic security feature.  Normally, I'm not one to call on Microsoft to offer something for free, but I feel very strongly that basic security capabilities should be included with all Office 365 plans, and I really hope that someone from Microsoft is reading this post.

So with that said, I'm going to stop ranting and get back to the task at hand -- namely talking about the new security features in Office 365.

Microsoft has introduced two new security capabilities as a part of its Office 365 Advanced Threat Protection. The first of these features is called URL Detonation. URL Detonation is designed to protect users against malicious links within e-mail messages.

Previously, if a user were to click on link within an e-mail message, Advanced Threat Protection would use a reputation filter to determine whether the link might be malicious. This was a good step, but there were ways in which those with bad intent could fool the reputation filter.

The new URL Detonation feature takes things further by checking to see what the link does. If a user clicks on a link, the user will see a message stating that the link is being scanned. Meanwhile, the Link Detonation feature is at work in the background monitoring the link's behavior in an effort to determine whether the link might be malicious. If malicious behavior is detected, then the user receives a message indicating that the Website has been classified as malicious. Otherwise, the link is opened.

Microsoft's other new capability is called Dynamic Delivery. Dynamic delivery is an extension of the Safe Attachments feature, which has long existed within Office 365. The Safe Attachments feature simply scans message attachments for malware in an effort to keep the user safe. One of the most common complaints about the Safe Attachments feature is that it can take a while to scan a message attachment. With Dynamic Delivery, which is currently in preview, Microsoft actually replaces message attachments with placeholder attachments. That way, the user can read and respond to the message, and remain productive, while the attachment is being scanned. Once the attachment is determined to be safe, then the placeholder attachment will be replaced by the real attachment.

If you would like to know more about Microsoft's new security enhancements to Office 365, then there is a nice write up about the features here.