26.3.2020 • Tietoturva
Protect your users from phishing when working from home with Microsoft 365
”Hard times arouse an instinctive desire for authenticity”, said Coco Chanel once. Unfortunately, tragedies like COVID-19 are always exploited by malicious actors. As Microsoft shared, themed phishing attacks are on the rise. Microsoft 365 organizations need to ensure authenticity of their e-mails.
This blog article has been updated to match current security landscape in August 2023.
Protecting the users from phishing still relies on two main topics: anti-spoofing and anti-phishing. When preventing spoofing, we need to make sure that forged sender address cannot be used. The current framework for this is DMARC, which encapsulates SPF and DKIM checks together with from field verification. This needs to be combined with Anti-Phishing Policies in your Microsoft 365 tenant.
The best part of DMARC is in my opinion the aggregate reporting functionality. With our customers we use DMARC Advisor for aggregate reporting of e-mail authentication, to identify legitimate unprotected sending systems and get visibility for spoofing attempts. Whether you are currently using DMARC or not, implicit DMARC checks are in any case done for your e-mails by major vendors such as Microsoft and Google, so better take control of it straight away.
For phishing, the main prevention technology is Defender for Office 365. This gives you real-time tools to prevent users from accessing phishing site links, investigate phishing campaigns and clean up the damage. In multi-layer defense strategy, deploying Azure AD Conditional Access with multi-factor authentication and legacy authentication block is essential for mitigating the results of successful phishing.
The last line of defense is always the end-users. They need constant security awareness to be able to distinguish fraud attempts, and to have the courage to contact support in case of any doubt about authenticity of e-mails. Just like Coco!
Need help?
Take advantage of our help and expertise for security and data protection
Microsoft 365 customers have the best chance of ensuring the safe management of Azure, endpoint security, end-user identities and the safe use of M365 services and other enterprise applications. Read more about our security services, get in touch with us and start leveraging the security of the cloud in your environment!
Arttu Arstila
Consulting & Training
Arttu on Sulavan Lead Microsoft 365 Architect. Hän keskittyy Microsoftin pilviteknologioiden konsultointiin projektien eri vaiheissa esiselvityksistä ja tiekartoista käyttöönottoihin ja tukeen. Artun erikoisosaaminen on tietoturvassa ja identiteettien hallinnassa.