Microsoft has announced that phishing protections, including OAuth application publisher verification and application consent policies, are now generally available on Office 365.
These protections are designed to protect Office 365 users from phishing attacks (Phishing).
In this type of attack, targets are tricked into gaining access to their Office 365 accounts by granting permissions to malicious applications.
Since this feature came in May, more than 700 application publishers have been verified by Microsoft, with a total of more than 1300 application registrations.
Newly available user consent policies provide administrators with "more controls over applications and permissions that users can consent to."
"To reduce the risk of malware trying to trick users into giving your organization access to your organization's data, we recommend that you only allow user consent for applications published by a verified publisher," explains Microsoft.
Once application consensus policies are in place, users will only be able to assign permissions to applications developed by verified publishers, thus preventing future phishing attacks.
Microsoft warned its customers in July of threats to the use of Office 365 OAuth applications in phishing attacks as part of the Business Email Compromise (BEC) fraud schemes.
The ultimate goal of attackers in such cases is to take over their victims' Microsoft accounts and make API calls on their behalf through hacker-controlled applications.
For more advice on how to defend against security threats, organizations can also read the support document.Detect and recover illegal grants in Office 365".