Are you an Office 365 user? If so, be aware that Microsoft is adding some powerful new protections to the software suite, designed to make you safer.
Hackers commonly target Office 365 users with a type of attack known as "Consent Phishing." That basically means that the hacker in question will use a variety of social engineering techniques to try and trick a target victim into giving up his or her Office 365 access, usually by way of an app that asks for permissions. If the user grants those permissions, the app can install all manner of malware on the target's device.
The new security upgrades that Microsoft is rolling out makes users safer in three different ways:
- First by a general tightening of app consent policies
- Second, by placing a greater level of scrutiny on publishers of OAuth apps during the verification process
- Third, by changing the rules surrounding user consent when consent is asked for by an unverified publisher
These changes are already in place, and since their initial rollout, Microsoft has verified more than 700 different app publishers and more than 1300 individual apps. Verified apps can be recognized by the small blue badge with a white check mark in its center. Those apps, you can install with confidence.
As a Microsoft representative explained:
"To reduce the risk of malicious applications attempting to trick users into granting them access to your organization's data, we recommend that you allow user consent only for applications that have been published by a verified publisher."
It's good advice, and these are excellent (even if they're somewhat overdue) changes to the company's policies. Kudos to Microsoft for rolling out the upgrades to their processes, and to the legitimate publishers who are already moving to embrace the recent changes. This will help keep users safe, and that's a very good thing.