Microsoft is updating Defender for Office 365 to protect customers from embedded email threats while previewing quarantined emails.
Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection) provides Office 365 enterprise email accounts with protection from multiple threats, including business email compromise and credential phishing, as well as automated attack remediation.
The soon-to-be-released update is designed to limit users’ exposure to unwanted or malicious content by adding additional security controls to block embedded threats.
It works just like the feature that blocks pixel tracking in regular email clients, but it prevents threat actors from knowing a target has loaded an image or other embedded content.
“We’re changing the way users preview quarantined messages to provide additional security against embedded threats,” Microsoft explains on the Microsoft 365 roadmap.
“With this change some components in quarantined messages will be distorted and not displayed by default. To see the full contents of the message, users can choose to reveal the full message.”
Besides secured preview of quarantined emails, Microsoft Defender for Office 365 will also roll out other key quarantine management features that will make it easier for security operations (SecOps) teams and end-users to triage emails:
- Quarantine folder policy and user release request workflow
- Customer organization branding
- Streamlined email submission from the quarantine portal
- Robust release of bulk quarantined emails
- Quarantine support for shared mailboxes
During the next few months, Microsoft is also planning to add several other enhancements, including hourly end-user spam alert and large-scale bulk release to help SecOps professions to release more than 100 mails at one time.
Earlier this year, Microsoft announced that Defender for Office 365 would make it easier for customers to identify users and domains targeted in impersonation-based phishing attacks.
Defender for Office 365 will also notify Office 365 customers of suspected nation-state hacking activity detected within their tenants.