13 Apr Microsoft Defender for Office 365: Updates
Microsoft Defender for Office 365: Spam detection report to be retired in July
Microsoft Defender for Office 365: Malware detected in email to be retired in June
We will retire the Malware detected in email report from Microsoft Defender for Office 365 beginning June 14, 2021.
You are receiving this message because our reporting indicates your organization may be using the Malware detected in email report.
Key points
- Timing: June 14, 2021
- Action: transition from the Malware detected in email report to the Threat protection status report
What you need to do to prepare
Instead of using the Malware detected in email report, we recommend you use the Threat protection status report, which is where we will continue to invest our resources.
You might want to update your training and documentation as appropriate.
Microsoft Defender for Office 365: Safe attachment message disposition to be retired in June
You might want to update your training and documentation as appropriate.
Microsoft Defender for Office 365: Safe attachment file types report to be retired in June
Microsoft Defender for Office 365: Forwarding report to be retired in June
Microsoft Defender for Office 365: Updates to post-delivery detections and investigations
Microsoft Defender for Office 365 is introducing new alert policies related to post-delivery detections as well as enhancements to the Automated Investigation & Response (AIR) playbooks associated with them.
In addition, we are modifying the severity classification for six default alert policies to better align the alerts with their impact on your organization.
This message is associated with Microsoft 365 Roadmap ID 70614.
When this will happen
- New alerts rollout begins on April 14, 2021
- We will disable two existing alert policies on April 30, 2021
- The severity classification changes happen at the end of April
How this affects your organization
These new alerts, and the AIR playbooks that will trigger from these alerts, will accurately capture the threats of the emails and entities, including if the URL points to a malicious file or if the file contains a malicious URL.
New alerts:
- Email messages containing malicious URL removed after delivery
- Email messages containing malicious file removed after delivery
- Email messages from a campaign were delivered and later removed
- Malicious emails were delivered and later removed
Existing alerts that will be disabled at the end of April:
- Email messages containing phish URLs removed after delivery
- Email messages containing malware removed after delivery
Between April 14 and April 30 you will see both the new alerts and the to-be-removed alerts, which gives your security teams time to handle any required changes. To help security teams with the increased alert volume during this short period, the existing and new alerts will be correlated into the same AIR investigation and into the same Incidents.
In addition, we are modifying the severity classification of the following default alert policies to better align with the potential risk and impact on your organization and to help your security teams prioritize alerts.
- Suspicious Email Forwarding Activity
- Email reported by user as malware or phish
- Unusual increase in email reported as phish
- Admin Submission Result Completed
- Creation of forwarding/redirect rule
- eDiscovery search started or exported
What you need to do to prepare
If you are utilizing alerts either through an API, alert email notification, or in the Office 365 Security & Compliance Center (protection.office.com/viewalerts) or Microsoft Security Center (security.microsoft.com/viewalerts), you will need to modify your workflows by April 30, 2021.
If you are not currently utilizing these alerts, you may:
- Disable the existing alert policies in order to reduce alert volume in your tenant: “Email messages containing phish URLs removed after delivery” and “Email messages containing malware removed after delivery”
- Do nothing; we will disable these two existing alert policies on April 30, 2021