How Microsoft 365 – E5 Can Help Protect Your Organization Against Phishing Attacks
Microsoft 365 E5 is an enterprise cloud-based suite of Microsoft Office productivity apps combined with advanced voice, analytics, security, and compliance services. It is an upgrade over lower tiers E1 and E3. Though threat protection features are included in all Microsoft or Office 365 subscriptions, an E5 license provides some advanced features.
There are also Security E5 add-on options, meaning even companies with E3 licenses can benefit from the extended features of Microsoft 365 E5 without switching completely to E5.
With Microsoft 365 E5, Microsoft is moving the focus from defending the network edge to defending identities. This change in focus is part of the “zero-trust” model of security.
What are some security features unique to E5 that can help with credential phishing attacks?
Microsoft Defender for Identity (MDI)
Microsoft Defender for Identity parses Active Directory network traffic and uses profiling, static rules, machine learning, and behavioral methods to detect and alert about suspected identity compromise. One of the alerts from MDI’s attack kill chain is “compromised credential”, which can help identify logins to the network from unusual locations – including an attacker who successfully phished credentials from a user.
More reading: https://learn.microsoft.com/en-us/defender-for-identity/technical-faq
Azure AD Identity Protection
Azure AD Identity Protection uses risk-based conditional access to automatically detect compromised user account logins and vulnerabilities based on artificial intelligence of machine learning. Some of the capabilities overlap with MDI. It looks for risks like:
- Logins from anonymous IP addresses
- Logins from known malware-linked IP addresses
- Logins from atypical or previously unseen locations
More reading: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
Microsoft Defender for Office 365
Microsoft Defender for Office 365 includes cloud-based email filtering that protects against threats to email and collaboration tools, such as phishing schemes, malware attacks, and business email compromise.
In E5, it includes Safe Documents, a feature that uses the cloud backend of Microsoft Defender for Endpoint to scan opened Office documents in Protected view. This can help protect against malicious attachments. It also includes some additional threat tracking and investigation capabilities.
More reading: https://learn.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-description
Phishing Attack Simulations
Attack simulation training in E5 assists with benign cyberattack simulations throughout your organization. These simulations test your security policies, and both train and assess your employees on their phishing awareness. Over time, this training method can decrease your organization’s susceptibility to attacks.
Attack simulations are available in E5, as well as Microsoft Defender for Office 365 Plan 2.
More reading: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-simulations
More Reading:
Information about Microsoft Office 365 tiers:
https://www.microsoft.com/en-us/microsoft-365/compare-microsoft-365-enterprise-plans
Anti-phishing policy tips available in Microsoft 365 (both E3 and E5), visit this link: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-about
Recommended anti-phishing settings for Microsoft Defender 365 and EOP:
How Can Sedara Help?
Sedara’s team of Cybersecurity experts are here to assist your organization in selecting the best approach to cyber defense for your organization click here to get started!