38088237 asked jiayaozhu-MSFT commented

Can suspicious web browsing be detected / protected (Microsoft Defender for Endpoint)?

We are preparing to operate Microsoft Defender for Endpoint (MDE).
I am currently subscribed to Microsoft Defender for Office 365 Plan 1 (MDO).
The other day, I received a suspicious email to a specific employee stating that they would change their Microsoft 365 password.
Actually, it was an unfamiliar email, but some people found out that they had accessed the linked Web, so they instructed them to change their passwords again.
* The reason I have no idea is that in our environment, password synchronization is performed with Azure AD Connect, so it is unlikely that a password change request will come from Microsoft 365.

Here is the question.
If a suspicious email like the one above arrives and the URL in the body of the email is clicked on by a scam, is it possible for MDE to detect it as an incident?
If it can be detected, please tell me the items that must be set in MDE.

Thank you.

windows-10-security

Hi,

I would like to check whether the reply was of help. If yes, please help accept the answer, so that others who meet a similar issue can find useful information quickly. If you have any other concerns or questions, please feel free to give feedback. Your support is really important to our work and we hope to hear your response soon.

Have a nice day! : )

Best Regards,
Joan


Hello,

I would like to check whether the replies in this blog were of help. If yes, please help accept the answer, so that others who meet a similar issue can find useful information quickly. If you have any other concerns or questions, please feel free to give feedback. Your support is really important to our work.

Best Regards,
Joan

Reza-Ameri answered

MDE is integrated with the Windows Defender SmartScreen filter, and it continuously detects and blocks malicious and phishing websites. In case you are using Microsoft Exchange Server for your email, ask users to mark those emails as phishing or junk, and this way the SmartScreen filter will get smarter at blocking undetected phishing websites. In general, such a website would be blocked in Microsoft Edge when the SmartScreen filter is on, and you could configure it to block them in the network.
Take a look at:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/web-protection-response?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/web-protection-overview?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide
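
The network-level blocking mentioned in the answer above is the Defender network protection feature covered by the last link. The following is an added example, not part of the original post and not Microsoft's own script: it checks the prerequisites on one device and switches network protection to audit or block mode. The `-Mode` parameter is a name chosen for this example.

```powershell
# Added example: audit, then enforce, Defender network protection on one device.
# Run from an elevated PowerShell session on a device where Microsoft Defender Antivirus is installed.
param(
    # Hypothetical parameter for this example: 'Audit' only logs, 'Block' enforces.
    [ValidateSet('Audit', 'Block')]
    [string]$Mode = 'Audit'
)

$status = Get-MpComputerStatus
$pref   = Get-MpPreference

# Network protection depends on real-time protection and cloud-delivered protection.
$problems = @()
if (-not $status.AntivirusEnabled)          { $problems += 'Microsoft Defender Antivirus is not enabled' }
if (-not $status.RealTimeProtectionEnabled) { $problems += 'Real-time protection is off' }
if ($pref.MAPSReporting -eq 0)              { $problems += 'Cloud-delivered protection (MAPS) is disabled' }

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Prerequisites not met; network protection was not changed.'
}

# EnableNetworkProtection values: 0 = Disabled, 1 = Enabled (block), 2 = AuditMode
$names = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'AuditMode' }
Write-Output ("Current network protection state: {0}" -f $names[[int]$pref.EnableNetworkProtection])

# Start in audit mode to see what would be blocked before enforcing.
$target = if ($Mode -eq 'Block') { 'Enabled' } else { 'AuditMode' }
Set-MpPreference -EnableNetworkProtection $target

# Read the setting back to confirm it was applied (a managing policy can override it).
$after = (Get-MpPreference).EnableNetworkProtection
Write-Output ("New network protection state: {0}" -f $names[[int]$after])
```

On a managed fleet the same setting is normally deployed through Intune or Group Policy rather than per device.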


jiayaozhu-MSFT answered

Hi,

Thanks for posting on our forum!

Firstly, I agree with @Reza-Ameri, and I also found an important article written by Windows Docs, which can better help you understand how you can find and investigate emails that you think are malicious by the use of Microsoft Defender for Endpoint:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/investigate-malicious-email-that-was-delivered?view=o365-worldwide

Thanks for your support! And I found that your issue is quite valuable for the public. So would you please help me Accept Answer, an accepted blog can be put on top of the forum, then the public can get access to the blog more easily. I would really appreciate it if you can accept answer.

BR,
Joan


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
