Microsoft announced that its phishing protections (Phishing), including OAuth application issuer verification and application consent policies, are now generally available in Office 365.
These protections are designed to protect them users of Office 365 from attacks phishing (Phishing).
In this type of attack, targets are tricked into gaining access to their Office 365 accounts by granting rights to malicious applications.
Since this feature came in May, more than 700 application publishers have been verified by Microsoft, with a total of more than 1300 application registrations.
Newly available application consent policies for user consent give administrators "more control over applications and permissions that users can consent to."
"To reduce the risk of malicious applications trying to trick users into giving your organization access to your organization's data, we recommend that you only allow user consent for applications published by a verified publisher," explains Microsoft.
Once application consensus policies are in place, users will only be able to assign permissions to applications developed by verified publishers, thus preventing future phishing attacks.
Microsoft warns customers in July of threats to Office 365 OAuth applications as part of phishing scams Business Email Compromise (BEC).
The ultimate goal of attackers in such cases is to take over their victims' Microsoft accounts and make API calls for account them through applications controlled by hackers.
For more advice on how to defend against security threats, organizations can also read the support document.Detect and recover illegal grants in Office 365".