2024-07-24

Owned by Matthew Sywulak
Last updated: Jul 24, 2024
4 min read

2024-07-24

NEW THREAT CATEGORY - External Sharing Link

Receiving sharing links from third parties has been the cause of many concerns due for phishing. We’ve added a new Caution Threat Category called External Sharing Link. This category will currently work against SharePoint and OneDrive shared objects but will expand to other third-party services in the future.

The protection will be enabled by default but will not contain any “Trusted” Microsoft tenants.

image-20240723-175541.png

For Microsoft Tenants that you DO NOT wish to receive an External Sharing Link warning you can simply add their tenant’s name in the “Do not warn about the following trusted Microsoft tenant domains” multi-box and it will suppress the External Sharing Link threat category for that tenant.

The tenant’s name is the subdomain of the tenant address found within an M365 system that ends in .onmicrosoft.com for example, polvocapital.onmicrosoft.com - polvocapital would be entered in the multi-box to suppress the External Sharing Link threat category for Polvo Capitals tenant.

The External Sharing Link threat category by itself is just a caution banner, however, if it’s coupled with additional categories, such as First-Time Sender, it’ll push towards being a dangerous message more quickly than previously. It’s also possible that the External Sharing Link threat category rises to a Danger threat level by itself if it’s coupled with raw suspicious text, such as Contract Bid, Quote Request, Secured Document or other similar terms that are more frequently used in phishing attempts.

Configured your External Sharing Link at the bottom of Analysis - INKY and for our customers that utilize Organizations to manage many teams this setting can be inherited from the Organization profile.

NEW FEATURE - Delegated Tenant Access

Found at the bottom of API Access - INKY for a given team you’ll find an option to enable or disable Delegated Access to Tenant Mail Content.

When Delegated Mail Content Access is enabled, parent and ancestor organization administrators will be authorized to access sensitive mail content within your tenant, such as the body of the mail. Note that this applies only to administrators who can remediate mail (Policy Admin, Super Admin).

To modify this section, you must be signed in as an administrator with mail content permissions on the team's tenant and have Directory and Remediation API Access granted.

This is not the MSP admin account but the end customers admin account.

image-20240723-184152.png

NEW FEATURE - End-User Read Receipt Option on Encrypt Action

When adding an action to an Outbound Mail Protection rule you can select the Cog Icon to customize the action setting. This action configuration now allows you to include read receipts when sending encrypted messages.

As an admin navigate to Outbound Protection - INKY and configure your specific rule and when you add the encryption action you can select “Send Read Receipts”

When an end user opens an encrypted email by navigating through the login process the sender of the encrypted email will receive the below Email Encryption message view notification.

ENHANCEMENT - Improved Rule Editor Summary Description

Adding a readable action summary to the Outbound Mail Protection rule editor gives admins more visibility on the exact actions that are selected.

ENHANCEMENT - Update Cybsafe Phishing Awareness Training IP addresses

If your team utilizes Cybsafe on the Phishing Awareness Training - INKY we’ve updated the matching algorithm to ensure we identify their phishing training emails. No action is required if the Cybsafe provide is already selected.

BUG FIX - Run-away scrolling on message list

There may have been times, when scrolling through large list of messages on the message list view within the Observations Page or Custom Dashboard. We’ve implemented a fix that should resolve this issue but if you continue to experience it, please reach out to support@inky.com.