Microsoft has announced that phishing protections, including OAuth application publisher verification and application consent policies, are now generally available on Office 365.
These protections are designed to protect its users Office 365 from phishing attacks (Phishing).
In this type of attack the targets are misled to deliver access to their Office 365 accounts, granting permissions to malicious applications.
Since this feature came in May, more than 700 application publishers have been verified by Microsoft, with a total of more than 1300 application registrations.
Newly available application consent policies for user consent give administrators "more control over applications and permissions that users can consent to."
"To reduce the risk of malicious applications trying to trick users into giving your organization access to your organization's data, we recommend that you only allow user consent for applications published by a verified publisher," explains Microsoft.
Once application consensus policies are in place, users will only be able to assign permissions to applications developed by verified publishers, thus preventing future phishing attacks.
Microsoft warned its customers in July about threat actors using Office 365 OAuth applications in phishing attacks as part of programs scamς Business Email Compromise (BEC).
The ultimate goal of attackers in such cases is to take over their victims' Microsoft accounts and make API calls on their behalf through hacker-controlled applications.
For more advice on how to defend against security threats, organizations can also read the document supports "Detect and recover illegal grants in Office 365".
