🔒 Enhanced Threat Detection with URL Click Alerts by Microsoft Defender for Office 365 🔒
🎯 Attackers often target employees with malicious URLs embedded in emails. To better protect against such threats, Microsoft Defender for Office 365 has introduced alerting policy enhancements for detecting, investigating, and remediating threats via URLs in emails. These alerts can detect threats at the time of click and potential threats within 48 hours of the first click.
🚨 Two URL click alert policies are offered:
1️⃣ A potentially malicious URL click was detected: When a user clicks on a malicious URL, Microsoft Defender for Office 365 scans it, checking for past threats to establish a reputation. If it identifies an attack, an alert is sent to security teams.
a) First User-First Click (Patient Zero): An alert is generated for the first user who clicks on a malicious URL, with subsequent alerts for each user who clicks on it later.
b) Delayed weaponising of the URL: If a URL is weaponised after users have already clicked on it, the next click on it generates alerts for all users who clicked on it in the past 48 hours.
2️⃣ A user clicked through to a potentially malicious URL: If a user clicks on a potentially malicious URL, a warning page is displayed. If the user decides to proceed, security analysts are alerted.
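The first-click and delayed-weaponising behaviour described above can be modelled over a click log to see which users end up with an alert. This is an added example, not Microsoft's implementation: the function names, the `malicious_from` verdict map and the sample clicks are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

LOOKBACK = timedelta(hours=48)  # retroactive window stated in the post

def simulate_alerts(clicks, malicious_from):
    """Model the two alert paths. clicks: (time, user, url) tuples.
    malicious_from: url -> time from which a time-of-click scan flags it
    (assumed stand-in for the real verdict). Returns (time, user, url, reason)."""
    alerts, clean_clicks = [], {}
    for ts, user, url in sorted(clicks):
        bad_at = malicious_from.get(url)
        if bad_at is None or ts < bad_at:
            # Scan came back clean: remember the click for later lookback.
            clean_clicks.setdefault(url, []).append((ts, user))
            continue
        alerts.append((ts, user, url, "time-of-click"))
        # First malicious click after weaponising: sweep earlier clean clicks.
        for old_ts, old_user in clean_clicks.pop(url, []):
            if ts - old_ts <= LOOKBACK:
                alerts.append((ts, old_user, url, "retroactive"))
    return alerts

def uncovered_users(clicks, malicious_from):
    """Users who clicked a URL that turned malicious but got no alert."""
    alerted = {(u, url) for _, u, url, _ in simulate_alerts(clicks, malicious_from)}
    clicked = {(u, url) for _, u, url in clicks if url in malicious_from}
    return sorted(clicked - alerted)

# Constructed sample data (not real telemetry).
T0 = datetime(2024, 1, 1, 9, 0)
URL = "https://example.test/invoice"
SAMPLE_CLICKS = [
    (T0, "alice", URL),                        # clean, 60 h before trigger
    (T0 + timedelta(hours=30), "bob", URL),    # clean, 30 h before trigger
    (T0 + timedelta(hours=60), "carol", URL),  # first click after weaponising
    (T0 + timedelta(hours=61), "dave", URL),   # later click
]
SAMPLE_VERDICT = {URL: T0 + timedelta(hours=40)}

if __name__ == "__main__":
    for alert in simulate_alerts(SAMPLE_CLICKS, SAMPLE_VERDICT):
        print(alert)
    print("no alert:", uncovered_users(SAMPLE_CLICKS, SAMPLE_VERDICT))
```

In this model, a click made more than 48 hours before the triggering click produces no alert, so those users have to be found by reviewing older click history during the investigation.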
🛡️ These policy enhancements provide invaluable protection against evolving tactics used by attackers, bolstering organisations' cybersecurity posture and fostering confidence in employees and SecOps teams.
Want to learn more?
Microsoft Defender for Office 365 - Office 365 | Microsoft Learn


