Monday, January 18, 18:55
Home security Microsoft: Phishing protection features in Office 365

Microsoft: Phishing protection features in Office 365

Microsoft has announced that phishing protections, including OAuth Publisher Application Verification and Application Consent Policies, are now available in Office 365.

These protections are designed to protect Office 365 users from a variety of apps-based phishing attacks known as "consent phishing".

Office 365 phishing

In this type of phishing attack, targets are misled to provide access to accounts in Office 365, providing royalties in Office 365 OAuth malware.

Microsoft says it will release three updates designed to enhance the security of the Office 365 application ecosystem, such as:

  • General availability of publisher verification
  • User Consent Updates for Unverified Publishers
  • General availability of application consent policies

Exclude applications from unverified sources

Publisher verification allows developers to add a verified ID to app registrations and prove to customers that the application comes from an authentic source. "

Since this feature went public preview in May, more than 700 app publishers have been verified by Microsoft, which amount to a total of over 1300 app registrations.

Apps implemented by accredited publishers feature the "Verified" mark on all ad consents, as well as on other screens where they appear to make it easier for end-users to verify the authenticity of the app.

New generally available consensus policies applications for end-user consent provide administrators with "more controls over applications and permissions that users can consent to."

"It simply came to our notice then risk malicious applications trying to trick users into giving them access to data We recommend that you allow user consent only to applications published by a certified publisher, ”explains Microsoft.

Once application consent policies are in place, users will only be able to grant permissions to applications developed by verified publishers, thus preventing future phishing attacks.

All Office 365 users will be protected from application-based attacks, now that publisher verification is generally available as “they will no longer be able to consent to new applications registered after November 8, 2020 and coming from unverified publishers. ”

Such applications will be automatically labeled as dangerous and labeled as unverified on all consent screens.


Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehc
Be the limited edition.


Android: How to make Signal the default messaging app

Signal is a popular encrypted messaging application that focuses on privacy. It is an alternative to ...

Google Cloud: We use some SolarWinds, but we were not affected by the hack

Google Cloud CISO Phil Venables has revealed that the cloud uses software from the vendor, SolarWinds, but states that the use ...

Scotland Environment Service: ransomware continues to affect us

The Scottish Environmental Protection Agency (SEPA) has confirmed that it was hit by a ransomware attack last month and continues to face ...

Backdoors and vulnerabilities were discovered in FiberHome routers

Backdoors and other vulnerabilities have been discovered in the firmware of a popular FiberHome FTTH ONT router. FTTH ONT stands for Fiber-to-the-Home Optical Network ...

GitHub apologizes to an employee who fired! What happened;

GitHub has admitted that it was wrong to fire a Jewish official who made "anti-Nazi" comments about the Capitol riots.

By 2030 AI will replace the people of cybersecurity

Security company Trend Micro recently conducted a new survey that reveals that more than two-fifths (41%) of IT leaders believe ...

Chinese Winnti APT targets organizations in Russia and other countries!

Security researchers at Positive Technologies have uncovered a series of attacks carried out by a Chinese APT hacking team targeting organizations in Russia ...

Silicon Valley is investing a huge amount of money in India

From March to November, even when COVID-19 destroyed economies around the world, the richest man in India ...

Microsoft, Salesforce, Oracle are designing a digital vaccination passport

A Covid digital vaccination passport is being developed jointly by a team of health and technology companies, as well as governments, airlines and ...

Google removes Chrome Sync from third-party browsers

Google says it will block the use of private Google APIs by third-party Chromium web browsers after discovering that ...