Microsoft has announced that phishing protections, including OAuth Publisher Application Verification and Application Consent Policies, are now available in Office 365.
These protections are designed to protect Office 365 users from a variety of application-based phishing attacks known as "consent phishing".
Microsoft says it will release three updates designed to enhance the security of the Office 365 application ecosystem, such as:
- General availability of publisher verification
- User Consent Updates for Unverified Publishers
- General availability of application consent policies
Exclude applications from unverified sources
Since this feature went into public preview in May, Microsoft has verified more than 700 app publishers, which amounts to a total of over 1300 app registrations.
Apps from verified publishers display the "Verified" mark on all Azure AD consent prompts, as well as on other screens where they appear, making it easier for end users to verify the authenticity of the app.
The newly generally available application consent policies for end-user consent provide administrators with "more controls over applications and permissions that users can consent to."
"To reduce the risk of malicious applications trying to trick users into giving them access to data, we recommend that you allow user consent only to applications published by a certified publisher," explains Microsoft.
Once application consent policies are in place, users will only be able to grant permissions to applications developed by verified publishers, thus preventing future phishing attacks.
All Office 365 users will be protected from application-based attacks now that publisher verification is generally available, as "they will no longer be able to consent to new applications registered after November 8, 2020 and coming from unverified publishers."
Such applications will be automatically labeled as dangerous and marked as unverified on all consent screens.
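An added example, not from Microsoft or the original article: a Python audit that applies the rule described above to an app inventory and lists unverified-publisher apps that already hold user-granted permissions. The record layout and sample data are constructed; `verifiedPublisher`, `createdDateTime`, `consentType` and `scope` are named after Microsoft Graph properties, and reading "after November 8, 2020" as a UTC calendar-date comparison is an assumption.

```python
from datetime import date, datetime

CUTOFF = date(2020, 11, 8)  # date quoted in the article (UTC comparison is an assumption)

def is_verified(app):
    """True only when a verified publisher ID is actually present (not null/missing)."""
    vp = app.get("verifiedPublisher") or {}
    return bool(vp.get("verifiedPublisherId"))

def classify(app):
    if is_verified(app):
        return "verified"
    created = datetime.fromisoformat(app["createdDateTime"].replace("Z", "+00:00"))
    if created.date() > CUTOFF:
        return "unverified-new"     # end users can no longer consent to these
    return "unverified-legacy"      # registered on or before the cutoff date

def audit(inventory):
    """Return (name, class, scopes) for unverified apps holding user-granted scopes."""
    findings = []
    for app in inventory:
        cls = classify(app)
        # "Principal" = consent given by one user; "AllPrincipals" = admin consent
        scopes = sorted({s for g in app.get("grants", [])
                         if g["consentType"] == "Principal"
                         for s in g["scope"].split()})
        if cls != "verified" and scopes:
            findings.append((app["displayName"], cls, scopes))
    return findings

# Constructed sample inventory (hypothetical apps, not real tenant data)
SAMPLE = [
    {"displayName": "Contoso Mail Sync", "createdDateTime": "2020-06-01T09:00:00Z",
     "verifiedPublisher": {"displayName": "Contoso", "verifiedPublisherId": "1234567"},
     "grants": [{"consentType": "Principal", "scope": "Mail.Read"}]},
    {"displayName": "Doc Viewer Pro", "createdDateTime": "2020-12-03T14:30:00Z",
     "verifiedPublisher": {"displayName": None, "verifiedPublisherId": None},
     "grants": [{"consentType": "Principal", "scope": "Mail.Read offline_access"}]},
    {"displayName": "Legacy Calendar Tool", "createdDateTime": "2019-03-15T08:00:00Z",
     "verifiedPublisher": None,
     "grants": [{"consentType": "Principal", "scope": "Calendars.Read"},
                {"consentType": "AllPrincipals", "scope": "User.Read"}]},
    {"displayName": "Unused Test App", "createdDateTime": "2021-01-10T00:00:00Z",
     "grants": []},
]

if __name__ == "__main__":
    for name, cls, scopes in audit(SAMPLE):
        print(f"{cls:18} {name}: {' '.join(scopes)}")
```

An "unverified-new" finding means a user-level grant exists for an app that end users should no longer be able to consent to, so it is the first entry to review.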