What is going on with my e-mail?
As the threat landscape continues to evolve and security organizations struggle to update their posture to keep clients protected, large entities like Microsoft often make seemingly minor adjustments which have big impacts at scale. For the past 2 years, Microsoft has followed a practice of security baselining, where all customers achieve a minimum level of security through global policies and templates. Often, these changes can be disruptive; however, their benefit always outweighs the cost. One such change involves Office 365 services, particularly Exchange Online and Microsoft Defender for Office 365. Microsoft calls this collective group of enhancements and defaults “Secure by default in Office 365”. You can read more about these policies in the Microsoft Learn article “Secure by default in Office 365”.
Microsoft collects tremendous amounts of data about what its users do, and how those actions often affect users negatively. They identified two key data points and decided to act. First, a user is thirty times more likely to click a malicious link in a message in the Junk Folder versus a message in Quarantine. Second, the false-positive rate for high-confidence phishing e-mails is extremely low. As such, part of the new default is that these messages now go directly to Quarantine instead of the Junk Folder. Additionally, user-defined safe-sender and safe-domain lists are far too broad and cause more harm than good. The good news is that you are now better protected from yourself by these higher levels of security as a default. The bad news is that you may see a higher number of false-positive items than you did previously.
What is CCP Technologies doing to help me?
We take security seriously. It’s a central part of every solution we provide. For outbound e-mails, we will be making efforts in the coming weeks to help you achieve a level of e-mail security that helps your e-mails reach their targets without issue. This involves implementing and verifying 3 pillars of e-mail security: SPF, DKIM, and DMARC. Additionally, we will help you coordinate with your partners to help them do the same. These security items are central to modern e-mail security, and organizations without them will continue to have more and more difficulties as these security standards continue to grow. For inbound e-mails, we will be implementing new Transport Rules that will help properly configured domains to bypass some of the security controls, thus lowering the number of false-positive messages.
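To show what verifying the three records involves, here is an added example (not CCP Technologies' or Microsoft's tooling) that grades the DNS TXT records behind SPF, DKIM, and DMARC. The function names, the `example.com` domain, and every record value are constructed for illustration, and the records are embedded inline rather than looked up so the check runs offline.

```python
def parse_tags(record):
    """Parse a 'tag=value; tag=value' record (DKIM and DMARC syntax) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(txt_records):
    """Grade the SPF policy found among a domain's apex TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # RFC 7208: zero records means no policy, more than one is a permerror.
        return "fail: expected exactly one SPF record, found %d" % len(spf)
    terms = spf[0].lower().split()[1:]
    if "-all" in terms:
        return "ok: hard fail for unlisted senders"
    if "~all" in terms:
        return "ok: soft fail for unlisted senders"
    if any(t in ("all", "+all", "?all") for t in terms):
        return "fail: 'all' mechanism does not restrict senders"
    if any(t.startswith("redirect=") for t in terms):
        return "warn: policy delegated by redirect, audit the target domain"
    return "warn: no 'all' mechanism, unlisted senders get a neutral result"

def audit_dmarc(record):
    """Grade the TXT record published at _dmarc.<domain>."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return "fail: not a DMARC record"
    policy = tags.get("p", "").lower()
    if policy in ("quarantine", "reject"):
        return "ok: p=%s is enforced" % policy
    if policy == "none":
        return "warn: p=none only reports, nothing is blocked"
    return "fail: missing or invalid p= tag"

def audit_dkim(record):
    """Grade the TXT record published at <selector>._domainkey.<domain>."""
    tags = parse_tags(record)
    if "p" not in tags:
        return "fail: no public key tag"
    if tags["p"] == "":
        return "fail: empty p= means the key is revoked"
    return "ok: public key published"

SAMPLE = {  # constructed records for the placeholder domain example.com
    "spf": ["v=spf1 include:spf.protection.outlook.com -all", "site-verification=constructed"],
    "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "dkim": "v=DKIM1; k=rsa; p=",
}

def audit_domain(records):
    """Run all three checks and return one verdict per mechanism."""
    return {"spf": audit_spf(records["spf"]), "dmarc": audit_dmarc(records["dmarc"]),
            "dkim": audit_dkim(records["dkim"])}
```

On the constructed sample, SPF passes, DMARC is flagged as monitoring-only, and DKIM is flagged as revoked, which is the kind of partial deployment that still leaves outbound mail open to spoofing and delivery problems.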
Your users are part of the solution. We want to encourage users to be aware of phishing campaigns through security training. These training campaigns require very little effort from users, are extremely effective at helping users to identify and report phishing e-mails instead of falling for them, and often carry the added benefit of providing discounts on cyber insurance policies. Users should also have access to all layers of their e-mail security, including the quarantine, at any time.
By visiting https://security.microsoft.com/quarantine, any user can monitor and quickly identify and release a false-positive e-mail message.
Stay tuned!
…for more information about the products and services we offer. CCP Technologies understands the need for maintaining business security without grinding operations to a halt with overbearing policies and restrictions. As your IT Security partner, let us grow together and navigate this harsh threat landscape successfully.
I need more help.
If you need help with your company’s cybersecurity, we are here to help. Contact us for a Free IT Consultation. In the meantime, read about what others have said about our services.
Senior System Engineer - Security Expert
Jason has been with CCP Technologies for over 13 years.