1/16/2019 4:44 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
So Long and Thanks For All The Phish 1/16/2019 4:44 PM BRK3279 So Long and Thanks For All The Phish Brian Reid (Office 365 MVP and Exchange MCM) © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
What Are We Talking About? 1/16/2019 4:44 PM What Are We Talking About? The fraudulent attempt to obtain sensitive information Phish Creation of email messages with a forged sender address Spoofing Common technique in targeted phishing attacks Impersonation A way to prove the sender really is the sender Authentication Sender Policy Framework SPF DomainKeys Identified Mail DKIM Domain Message Authentication Reporting & Conformance DMARC © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
What Is The Issue? SMTP has always been by default anonymous You can easily send an email pretending it came from someone else “Proper” uses of this include outsourced marketing and mailing lists Its difficult to implement this well and the perceived complexity means that companies worry their email will get blocked if they implement it badly
DMARC Policies of Fortune 500 Companies 1/16/2019 4:44 PM DMARC Policies of Fortune 500 Companies Vulnerable to being spoofed March 2018 © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
How Do We Authenticate Emails We Receive 1/16/2019 4:44 PM How Do We Authenticate Emails We Receive v=spf1 ip4:1.2.5.5 ip4:8.2.7.4 ip4:7.3.2.2 ip4:5.5.1.8 include:_spf.salesforce.com include:spf.protection.outlook.com -all SPF "v=DKIM1; p=MIGfMA0GDQEBgQCrZ6z … 6UvqP3QIDAQAB" DKIM v=DMARC1; p=reject; rua=mailto:dmarc@dmarc-aggregator.com; ruf=mailto:dmarc-ruf@dmarc-aggregator.com DMARC To send email to Microsoft (i.e. to an Office 365 user or Outlook.com) then you need to implement this to stop your email being marked as spam © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
That Sounds Hard – Are There Easier Ways? 1/16/2019 4:44 PM That Sounds Hard – Are There Easier Ways? Composite Authentication (compauth) – aka Machine Learning ATP and EOP Anti-Spoof Protection. Microsoft using the power of the cloud to determine if spoofed email Default AntiPhish Policy Additional Policies How To Configure In the Office 365 Security and Compliance Centre Via PowerShell © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Anti-Phishing Policy Demo
New Insights and Reports 1/16/2019 4:44 PM New Insights and Reports © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
What Are My Other Options To Protect My Users? Other ATP features Office ATP for Safe Links and Safe Attachments Insider Phishing Attack Simulator Multi-Factor Authentication Conditional Access Stopping Weak Password, Legacy Auth etc. Authenticators and Hardware Tokens
Please evaluate this session Your feedback is important to us! 1/16/2019 4:44 PM Please evaluate this session Your feedback is important to us! Please evaluate this session through MyEvaluations on the mobile app or website. Download the app: https://aka.ms/ignite.mobileApp Go to the website: https://myignite.techcommunity.microsoft.com/evaluations © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
1/16/2019 4:44 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.