MC388229 – Microsoft is making enhancements to Microsoft Defender for Office 365 preset security policies. It will provide a way to apply the policy to the entire organization and be able to optionally configure a list of custom users and custom domains to protect against impersonation attacks.
Impersonation protection applies to Microsoft Defender for Office 365 Plan 1 and Plan 2 & Microsoft 365 Defender
This message is associated with Microsoft 365 Roadmap ID 93262
When this will happen:
Standard: Rollout will begin in late June and be completed by late September
GCC/GCC-H/DoD: Rollout will begin in late August and be completed by late November
How this will affect your organization:
Security Admins and SecOps teams will be able to apply policy settings to all users of your organization using preset strict/standard policies, however, you can still select specific recipients. SecOps teams will be able to configure custom users and custom domains to protect against impersonation attacks. You will be able to provide a list of trusted senders and trusted domains that you want to allow to be impersonated and it won’t be flagged from such impersonated senders/domains.
Note: Within preset strict/standard policies, the impersonation protections for custom users and domains have always been available and turned ON until now. After this change, when there are custom users and domains added in the list, impersonation protection will be applied to incoming messages and will be quarantined.
What you need to do to prepare:
Review your existing Anti-Phishing policies within threat policies and consider creating/updating preset policies with custom users and/or custom domains to protect against impersonation attacks. Microsoft recommends updating your necessary training documents accordingly.
Learn More:
Previous Exchange Online Changelog Messages
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.