A typical month for the Microsoft Office 365 Exchange Online Protection team might be considered atypical for most. In their fight against spam and malware, they process over 200 billion emails each month and block 10 million spam messages every minute. That’s the norm for their malicious threat protection efforts—but they don’t stop there. As email attackers around the globe are getting smarter and more sophisticated, the team is making big investments in the Exchange Online Protection and Advanced Threat Protection services to proactively identify and block the most dangerous email threats, with features like:
- Built-in protection against malicious attack vectors, with spoof and common attachment-type detection.
- Visible protection to end-users via Safety Tips to prevent users from interacting with detected malicious emails.
- Rich learning mechanisms for users, such as Phish Reporting and Advanced Threat Protection.
It takes constant vigilance to protect against external threats without disrupting end user productivity. That’s why Microsoft has introduced several new capabilities in Exchange Online Protection and Advanced Threat Protection, which help protect you from unknown external threats while giving admins visibility into targets within their companies and options for mitigating or eliminating attacks.
Dynamic Delivery of Safe Attachments—Last June, Microsoft introduced Advanced Threat Protection Safe Attachments to protect against unknown threats by detecting viruses in email attachments. After going through the standard Office 365 protection process of three anti-virus engines and multiple spam filters, an email with a suspicious attachment enters the Safe Attachment sandbox environment, which has a detonation chamber to analyze the attachment and determine whether or not it’s safe—a process that typically takes 5–7 minutes.
With Dynamic Delivery of Safe Attachments, Microsoft eliminated that delay by sending the body of the email with a placeholder attachment, while the actual suspicious attachment undergoes a Safe Attachment scan. Recipients can read and respond to the message, which includes a notification that the original attachment is being analyzed. If the real attachment is cleared, it replaces the placeholder; if not, the admin can filter out the unwanted and potentially malicious attachment. Dynamic Delivery of Safe Attachments is now in private preview for Advanced Threat Protection customers and is scheduled for general availability this quarter.
Zero-hour Auto Purge—If an unread email is incorrectly categorized as spam, malicious or safe, Zero-hour Auto Purge provides the ability to change that verdict. For example, if a message is delivered to your inbox and later found to be spam, Zero-hour Auto Purge moves that message from the inbox to the spam folder; the reverse is true for messages misclassified as spam. Now in preview with approximately 50 customers and available on demand, Zero-hour Auto Purge will be rolled out for all Exchange Online Protection global tenants in the first quarter of 2016. IT admins will have total control over whether to use this feature, since Zero-hour Auto Purge can be disabled in the admin center.
Safety Tips in Outlook on the web—This Exchange Online Protection feature proactively gives user-friendly safety tips that help you decide whether or not to open an email. For example:
- If an email is from a trusted sender, you are notified that it’s a safe message.
- If you receive a suspicious or phishing email, the message states that it’s from an untrusted source.
Protection against insider spoofing—Yet another growth area for “spoofers” is what’s called “insider spoofing” or “peer phishing,” in which a phisher impersonates high-ranking company executives by spoofing the company’s email domain. The email looks like an internal email, making it hard for existing filters to identify as malicious. Fortunately, through built-in intelligence that leverages big data, strong authentication checks and reputation filters, Exchange Online Protection has strengthened its counterfeit detection by over 500 percent.