Latest Microsoft 365 update adds more phishing protection

Loredana Harsana
by Loredana Harsana
Editor
0 Comments
Download PDF
Affiliate Disclosure

  • The latest Microsoft 365 updates seem to be designed to improve consent phishing protection.
  • To strengthen the app’s security, they focus on user consent updates for unverified publishers.
  • In order to become a power user in no time, do take a closer look at this Microsoft 365 section.
  • You can also bookmark our Microsoft Office Guides Hub to find all about the latest Office tools.
Stay safe from consent phishing

Microsoft officially started to roll out three updates designed to improve consent phishing protection for Microsoft 365 users.

This comes as a response to the security challenges brought by remote working. They made Microsoft 365 users even more exposed to security threats such as consent phishing.

This precise type of phishing attack works in a specific way: users are easily tricked into providing access to their Microsoft 365 accounts. They end up granting permission to malicious Microsoft 365 OAuth.

However, things are about to change drastically, as Microsoft reveals:

End users will no longer be able to consent to new multi-tenant apps registered after November 8th, 2020 coming from unverified publishers.

What are these new Microsoft 365 updates all about?

The three updates under discussion are designed to strengthen the security of the entire Microsoft 365 app ecosystem.

Their focus areas include blocking end-user consent to unverified app publishers, the general availability of publisher verification, along with the availability of all app consent policies.

For example, customers can manage settings for user consent by choosing from the following built-in app consent policies:

consent policies

Moreover, when using Azure AD PowerShell, admins can set up custom app consent policies for more granular control.

Configuring the user consent settings through the Azure portal is incredibly simple too. As an admin, simply sign in to the Azure portal and find your way to the Azure Active Directory.

While here, choose Enterprise applications > Consent and permissions > User consent settings and select the desired consent setting for all users. Finally, select Save to keep the recently made changes.

As for developers, publisher verification finally lets them distinguish their apps to customers by receiving the verified badge on the Azure AD consent prompt.

What do you think of these latest Microsoft 365 update changes? Do tell us in the comments area if you feel better knowing that they will defend you from consent phishing.