Anonymous
My feedback
-
16 votes
Anonymous supported this idea ·
-
10 votes
Anonymous supported this idea ·
-
189 votes
Anonymous supported this idea ·
-
29 votes
Anonymous supported this idea ·
-
25 votes
An error occurred while saving the comment Anonymous supported this idea ·
-
24 votes
Anonymous supported this idea ·
-
3,725 votes
Azure Active Directory Conditional Access has functionality for “Countries/Regions” – see https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
That said, the most effective protection you can have against password spray attacks is to enable MFA and disable basic authentication. If you cannot do this for your entire organization, then blocking user access to legacy protocols like POP, EWS, IMAP and SMTP is another step you can take. Exchange Online Client Access Rules can help you to further customize (https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules). For additional recommendations, please see Office 365 Secure Score.
That said, please know that we are listening to feedback and working on solutions to help make Office 365 users more secure. Thank you for the feedback.
Anonymous supported this idea ·
An error occurred while saving the comment Anonymous commented
The article below describes how to set that up.
-
130 votes10 comments · Office 365 Security & Compliance » Spam & Phishing · Flag idea as inappropriate… · Admin →
When you have another service scanning in front of Office 365, the proper thing to do is disable the Office 365 scanning altogether and (optionally) respect the verdict from the prior system. Once you do that, even with the SPF header, the mails will not go to the users’ junk folders.
An error occurred while saving the comment Anonymous commented
You can just turn off SPF checks in your Spam filter advanced settings.
-
265 votestry this instead · 13 comments · Office 365 Security & Compliance » Spam & Phishing · Flag idea as inappropriate… · Admin →
Anonymous supported this idea ·
This should be option should be integrated in to the Azure Information Protection as a option when setting up the label.