Microsoft Continues Battle Against Malware with Outlook Add-in

Ongoing Battle Against Malware

I have covered the changing tactics used by Exchange Online Protection (EOP) in its ongoing battle to combat malware several times recently. EOP runs in the background to analyze and block suspicious email, using techniques like Dynamic Delivery to make sure that end users only receive safe email.

Inevitably, although Microsoft has some of the best security experts in the world working on EOP, a small percentage of bad stuff gets through and arrives into user mailboxes. Now, Microsoft is making it easier to report when unwanted email arrives in the Inbox. Or conversely, to let them know when Exchange redirects messages to the Junk Email folder and those messages are perfectly good.

A New Outlook Add-in

Microsoft’s solution is the “Report Message” add-in for Outlook 2016 that they automatically publish to Exchange Online users. The add-in shows up in the menu bar and is available when any email folder is chosen (the add-in is deactivated when Outlook is positioned in a non-email folder, like one that stores an RSS feed).

Report Message Anti-malware add-in
Figure 1: The Report message add-in (image credit: Tony Redmond)

The intention is that people use the add-in to report bad messages that sneak into their Inbox to Microsoft. Messages can be reported as “Junk”, such as spam that you do not expect to see arrive into your Inbox, or “Phishing”, one of those dangerous messages that lure people into doing the wrong thing, like giving their credit card details to a friendly spammer. If a legitimate message ends up in Junk Email, you can tell Microsoft that something went wrong with their email screening.

Letting Microsoft Know

You can also send a copy of massages marked as Junk or Phishing to Microsoft to help them understand the characteristics or “signature” of the message and how it managed to evade EOP screening (Figure 2).

Outlook Report Message add-in Options
Figure 2: Junk Email Reporting Options (image credit: Tony Redmond)

The default is to ask before sending, which is a safeguard in case you select a message incorrectly. No one wants to accidently send copies of confidential emails to Microsoft. But the copies of reported messages are incredibly important to help Microsoft’s security researchers understand how attackers evolve their methods to avoid detection.

Making Things Easy

There’s nothing new in asking users to help improve the effectiveness of anti-malware technology by providing samples of messages that get through. In the past, Microsoft asked people to send copies or problem messages to them by email. Of course, everyone promptly forgot the email address or could not remember it when a problem message arrived. Building the functionality to report bad messages into Outlook is just sensible. Microsoft should probably have done this long ago. Some malware will always sneak through, but giving Microsoft examples of what does get through is a good way to help them close off the holes.

Everywhere in Office 365 Soon

The add-in is available to preview customers now and is likely to be rolled out to all Office 365 tenants after Microsoft has had a chance to evaluate customer feedback. In line with Microsoft’s strategy to make Outlook a brand where all clients get the same functionality when it makes sense, I expect to see this feature eventually turn up in OWA and the Outlook mobile clients.

And if you don’t like the idea behind the add-in, you can easily remove it. Which is what I expect spammers’ friends to do.

Follow Tony on Twitter @12Knocksinna.

Want to know more about how to manage Office 365? Find what you need to know in “Office 365 for IT Pros”, the most comprehensive eBook covering all aspects of Office 365. Available in PDF and EPUB formats (suitable for iBooks) or for Amazon Kindle.