Microsoft has announced that phishing protections, including OAuth application publisher verification and application consent policies, are now generally available on Office 365.
These protections are designed to protect Office 365 users from phishing attacks.
In this type of attack, targets are misled into handing over access to their Office 365 accounts by granting permissions to malicious applications.
Since this feature was introduced in May, more than 700 application publishers have been verified by Microsoft, with a total of more than 1300 application registrations.
Newly available application consent policies for user consent give administrators "more control over applications and permissions that users can consent to."
"To reduce the risk of malicious applications trying to trick users into giving your organization access to your organization's data, we recommend that you only allow user consent for applications published by a verified publisher," explains Microsoft.
Once application consent policies are in place, users will only be able to grant permissions to applications developed by verified publishers, thus preventing future phishing attacks.
Microsoft warned its customers in July that threat actors were using Office 365 OAuth applications in phishing attacks as part of Business Email Compromise (BEC) fraud schemes.
The ultimate goal of attackers in such cases is to take over their victims' Microsoft accounts and make API calls on their behalf through attacker-controlled applications.
For more tips on how to defend against security threats, organizations can also read the support document "Detect and recover illegal grants in Office 365".
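To show what a verified-publisher consent policy filters out, the following added example (not Microsoft's code) audits existing user consent grants and flags those made to applications without a verified publisher. The records are constructed; their field names follow the Microsoft Graph servicePrincipal and oauth2PermissionGrant resources, and the high-impact scope list is an assumption to adapt per tenant.

```python
# Added example: sample records are constructed; field names follow the
# Microsoft Graph servicePrincipal and oauth2PermissionGrant resources.
HIGH_IMPACT = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All",
               "MailboxSettings.ReadWrite", "offline_access"}  # assumed watch list

SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "Contoso Expenses",
     "verifiedPublisher": {"displayName": "Contoso Ltd", "verifiedPublisherId": "1234567"}},
    {"id": "sp-2", "displayName": "Document Viewer",  # unverified: fields present but null
     "verifiedPublisher": {"displayName": None, "verifiedPublisherId": None}},
    {"id": "sp-3", "displayName": "Team Poll", "verifiedPublisher": None},
]
GRANTS = [
    {"clientId": "sp-1", "consentType": "Principal", "principalId": "user-a", "scope": "User.Read Mail.Read"},
    {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-b", "scope": "User.Read Mail.Read offline_access"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-c", "scope": " User.Read"},
    {"clientId": "sp-3", "consentType": "AllPrincipals", "principalId": None, "scope": "User.Read"},
    {"clientId": "sp-9", "consentType": "Principal", "principalId": "user-d", "scope": "Files.ReadWrite.All"},
]

def is_verified(sp):
    """True only when the service principal carries a verified publisher ID."""
    vp = (sp or {}).get("verifiedPublisher") or {}
    return bool(vp.get("verifiedPublisherId"))

def audit_user_consent(service_principals, grants, high_impact=HIGH_IMPACT):
    """Return user-consented grants to apps that lack a verified publisher."""
    by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        if g.get("consentType") != "Principal":
            continue  # tenant-wide admin consent is not governed by user consent policy
        sp = by_id.get(g["clientId"])  # None when the grant points at an unknown app
        if is_verified(sp):
            continue
        scopes = set((g.get("scope") or "").split())
        findings.append({
            "app": sp["displayName"] if sp else "<unknown service principal>",
            "user": g["principalId"],
            "high_impact_scopes": sorted(scopes & high_impact),
            "severity": "high" if scopes & high_impact else "review",
        })
    # "high" sorts before "review", so the riskiest grants are listed first
    return sorted(findings, key=lambda f: (f["severity"], f["app"]))

if __name__ == "__main__":
    for finding in audit_user_consent(SERVICE_PRINCIPALS, GRANTS):
        print(finding)
```

Grants flagged "high" pair an unverified publisher with mail, file or long-lived token scopes and are the first candidates for review and revocation.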