2024-05-22

New Features - Known External Sender

Found within06-17

Please join our webinar on June 20th, at 1:30 PM ET, to showcase all of the new features!

Register at: https://us02web.zoom.us/webinar/register/

...

You can identify known external senders with which your organization frequently does business or has some other legitimate relationship. Authenticated messages from these senders will be labeled Known External in banners. Note that authenticated, external messages from a team domain will automatically be considered Known External, so there is no need to add any team domains here.

The value here should be a comma-separated list of email addresses, fully-qualified domain names, or registered domains (which automatically include all subdomains).

Bonus Protections for Confusable Domains: Any domain listed within the Known External Sender setting will always be used when evaluating the confusable domain check (e.g., lnky.com and inky.com).

...

Known External Senders Examples:

Consider the following entry within the Known External Senders text area.

company.com, matt@organization.com, securitytides.com

  • company.com - all mail authenticated from company.com will be considered as Known External Sender and used when evaluating Confusable Domains.

  • matt@organization.com - only mail authenticated from organization.com when the mail from is matt@organization.com will be considered as Known External Sender; however, all mail from the domain organization.com will be used when evaluating Confusable Domains.

  • securitytides.com - all mail authenticated from securitytides.com will be considered as Known External Sender and used when evaluating Confusable Domains.

...

WN_76rUCBfRRSCQFy3kBND5og

These updates will be rolling out to all customers by June 19th, 2024.

New Feature - M365 Quarantine Management

Note: If you notice any issue when releasing messages from INKY’s Quarantine, please report it to support@inky.com.

INKY has always worked directly with the M365 Quarantine to ensure that all of your messages are maintained within the M365 ecosystem. With Microsoft’s Secure by Default push over the last couple of years, we’ve heard requests for more control over the handling of what is in M365’s Quarantine and who put it there, INKY or Microsoft.

Get started with the INKY Quarantine feature by ensuring that the Setup & Maintenance Access API privilege is enabled at https://app.inkyphishfence.com/settings/api-access. This access is required to interact with the M365 quarantine.

...

Once the permission is accepted, navigate to https://app.inkyphishfence.com/quarantine to view the list of messages currently in the M365 Quarantine and their status.

...

Selecting any message will provide the initial details and optionally allow the admin to Preview the message.

...

Previewing the messages returns the content of the email’s body, as well as the Raw Headers for your review.

...

At the bottom of the preview, an admin can “Release from Quarantine” if they deem it appropriate.

...

When a message is released from Quarantine, it may receive a “Released from Quarantine” Threat Category within the INKY Banner. This helps notify the recipient that the message was in Quarantine. Even though the message may still be initially graded as dangerous, normal delivery routing may not apply and the message may always be sent to the inbox.

...

Finally, if you’d like to filter on all messages that INKY specifically sent to the quarantine, you can do so in the normal message list view using a filter. Once you’re on a message that needs to be released from quarantine, you can use the Remediation Actions drop-down to release it directly from there.

...

New Feature - M365 Message Trace

M365 Message Trace has always been a fundamental way to debug any Microsoft or INKY routing concerns. This new feature now allows you to run a message trace for M365 messages directly within the INKY Console.

Get started with the INKY Message Trace feature by ensuring that the Setup & Maintenance Access API privilege is enabled https://app.inkyphishfence.com/settings/markup

If organizations want to further distinguish more trusted communications from Known External Senders and Internal Mail, you’ll now be able to include a Blue Banner color for them. Simply check the box that says “use color in Neutral banners to differentiate known senders (Internal and Known External) from other External senders.”

...

New Features - Customizable Organization Profiles and Settings Inheritance

Organization Profiles have been used at INKY for many years, but they have only been configurable by an INKY admin. With our latest update, all super admins within an organization can view and manage their organization’s profile.

To get started, simply go to your organization level, denoted by the skyscraper symbol, where you’ll now see many more of the settings options available.

...

Selecting any of the settings options on the left will bring a familiar page but will now show where the settings inheritance is coming from. There are three icons to note the settings inheritance:

  • Globe: inheriting the default policy from INKY. 🌐

  • Skyscraper: overriding the global policy and applying to all teams. 🏢

  • Person: overriding the global policy and organization policy to set a local team policy. 🧑‍🦱

...

When making a change from the Organization level you’ll see a new popup warning you that saving the settings will apply to all of the teams within your hierarchy.

...

Once you have an organization profile set, you’ll see the skyscraper symbol on your end customer team, meaning you’re inheriting from the organization. Now you have the option to override an inherited setting at the team level if necessary.

Inheritance in settings flows from the top down, but the lower the setting is configured, the higher its priority. For example, a change made at the team level will override settings at the organization and global levels.

New Threat Category - Possible Spoofed Known Sender

Coupled with our new Known External Sender setting comes a Possible Spoofed Known Sender threat category. Whenever an email comes in that matches a domain or email address from the Known External Senders list but doesn’t pass authentication (SPF/DKIM/DMARC) then it’ll be treated as a Possible Spoofed Known Sender.
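
The Known External Sender rules and the Possible Spoofed Known Sender category described on this page can be modelled as below. This is an added example, not INKY's code: the function names, the look-alike fold table, the "Confusable Domain" and "External" labels, and the simplification that every domain entry also covers its subdomains are all assumptions.

```python
# Added illustration of the matching rules described on this page; not INKY's code.
# Assumptions: every domain entry also covers its subdomains, the fold table
# below stands in for the real confusable-domain check, and "Confusable Domain"
# and "External" are labels invented for this example.
CONFUSABLE_FOLDS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"))


def skeleton(domain):
    """Fold look-alike characters so visually similar domains compare equal."""
    folded = domain.lower()
    for src, dst in CONFUSABLE_FOLDS:
        folded = folded.replace(src, dst)
    return folded


def parse_known_senders(setting):
    """Split the comma-separated setting into addresses, domains, watch list."""
    addresses, domains, watch = set(), set(), set()
    for entry in (e.strip().lower() for e in setting.split(",")):
        if not entry:
            continue
        if "@" in entry:
            addresses.add(entry)
            # The address's domain still feeds the confusable-domain check.
            watch.add(entry.rsplit("@", 1)[1])
        else:
            domains.add(entry)
            watch.add(entry)
    return addresses, domains, watch


def classify(sender, authenticated, known):
    """authenticated: the message passed SPF/DKIM/DMARC evaluation upstream."""
    addresses, domains, watch = known
    sender = sender.strip().lower()
    if "@" not in sender:
        return "External"
    domain = sender.rsplit("@", 1)[1]
    listed = sender in addresses or any(
        domain == d or domain.endswith("." + d) for d in domains)
    if listed:
        return "Known External" if authenticated else "Possible Spoofed Known Sender"
    if domain not in watch and any(skeleton(domain) == skeleton(w) for w in watch):
        return "Confusable Domain"
    return "External"


# The example entry from this page.
KNOWN = parse_known_senders("company.com, matt@organization.com, securitytides.com")
```

With the page's example entry, an authenticated message from another mailbox at organization.com is not labeled Known External, but a look-alike of organization.com is still caught because the address entry adds its domain to the watch list.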

...

api-access. This access is required to interact with the M365 message trace commands.

Navigate to https://app.inkyphishfence.com/settings/tools and select “Open Message Trace”, which will bring up the required parameters to search Microsoft for a given message. Include the appropriate Message ID and Recipient Address, then select Search.

...

You’ll now see a list of all of the steps a message took through M365 and whether it made it to INKY.

...

At the bottom of the message trace page, you can copy everything to the clipboard or download the CSV so you can share it as needed.

Additionally, if you’re on the Message Detail View you can use the “…” and select the Message Trace option to run a trace for that message immediately.

...

Enhancement - M365 Installer updates and new look

The M365 installer is getting a slightly different look, which you’ll see in the video below, and its backend processing is becoming more robust.

There is also a new option to add all users to the IPW-Group on install, which you’ll see as a checkbox option within Step 2.

...

Enhancement - Known External Senders Dashboard Visual Cues

If a message had a Known External banner, you’ll now see it within the INKY Dashboard and have this text if and only if the message was neutral, from internal or known external, and the "blue banner setting" was enabled at the time of analysis.

...

Enhancement - Child team API Access reporting in Partner Center

On the Partner Center summary page, you’ll now see an overview of the API Access granted on each team. Hovering over the cell for the appropriate team will show you the dates the API Access was granted for each one, or not granted if applicable.

...

Enhancement - Pivot Enhancements

Pivots from a Message Detail view allow you to build a new list based on the selector chosen. We’ve recently enhanced this feature to support pivoting from a deep link message detail view (typically found in report links) and pivoting off the Sender IP Address.

  1. Clicking the star icon from within a single message view will allow you to pivot back to the Message List for the particular option selected.

  2. Pivoting off a Sender IP address is now supported.

...