Microsoft Office 365 is adding some protections to the Office 365 software suite, designed to make you safer.
Hackers commonly target Office 365 users with a type of attack known as “Consent Phishing.” That means that the hacker in question will use various social engineering techniques to trick a target victim into giving up access to Office 365 by using their permissions. If the Microsoft Office 365 user grants those permissions, the app can install all manners of malware on the target’s device.
The new security upgrades that Microsoft Office 365 is rolling out makes users safer in three different ways:
- First by a general tightening of app consent policies
- Second, by placing a greater level of scrutiny on publishers of OAuth apps during the verification process
- Third, by changing the rules surrounding user consent when consent is asked for by an unverified publisher
Office 365 has verified more than 700 different app publishers and more than 1300 individual apps by recognizing the small blue badge with a white checkmark in its center. Downloading these types of apps is safe.
“To reduce the risk of malicious applications attempting to trick users into granting them access to your organization’s data, we recommend that you allow user consent only for applications that have been published by a verified publisher.”A Microsoft Representative
It’s good advice, and these are excellent (even if they’re somewhat overdue) changes to Microsoft Office 365’s policies. Kudos to Microsoft for rolling out the upgrades to their processes and the legitimate publishers who are already moving to embrace the recent changes. Microsoft Office 365’s new protection will help keep users safe, and that’s an excellent thing.