How to Protect Your Priority Accounts with Microsoft Defender for Office 365
If you are a Microsoft 365 administrator, you probably know how important it is to protect your priority accounts from cyberattacks. Priority accounts are those users who have access to sensitive, proprietary, or high-priority information, such as executives, leaders, managers, or key employees. These accounts are often targeted by attackers with more sophisticated techniques, and a breach of their data can have serious consequences for your organization.
Fortunately, Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection) offers a feature called Priority Account Protection that can help you safeguard your priority accounts from email-based threats. In this blog post, we will explain what Priority Account Protection is, how it works, and how you can configure and review it in your Microsoft 365 environment.
What is Priority Account Protection?
Priority Account Protection is a feature that allows you to tag specific users as priority accounts and leverage app-specific features that provide them with extra protection. For example, Microsoft Defender for Office 365 uses enhanced machine learning models and additional heuristics to detect and block malicious emails sent to priority accounts. It also gives you more visibility into the email activity and security status of your priority accounts through alerts, reports, and investigations.
Priority Account Protection is available to customers with Microsoft Defender for Office 365 Plan 2, which includes Office 365 E3, Office 365 E5, Microsoft 365 E5, or Microsoft 365 E5 Security licenses.
How does Priority Account Protection work?
Priority Account Protection works by applying a higher level of protection to the emails sent to or from priority accounts. This means that:
- Emails sent to priority accounts are scanned more thoroughly by Microsoft Defender for Office 365 to detect and block phishing, malware, spoofing, and other advanced threats.
- Emails sent from priority accounts are also scanned more rigorously to prevent data loss or compromise due to account takeover or impersonation.
- Emails that are blocked or quarantined due to Priority Account Protection are marked with a special tag that indicates the reason for the action.
- You can use the priority accounts tag as a filter in alerts, reports, and investigations to quickly identify and respond to any issues affecting your priority accounts.
In addition to Priority Account Protection, Microsoft also offers Premium Mail Flow Monitoring for priority accounts. This feature allows you to monitor the health and performance of your email delivery for your priority accounts and receive alerts when there are issues such as delays or failures. You can also view a report of email issues for priority accounts in the modern Exchange admin center (EAC).
Licensing Requirement
- Microsoft Defender for Office 365 Plan 2, including those with Office 365 E3, Office 365 E5, Microsoft 365 E5, or Microsoft 365 E5 Security.
- The Premium Mail Flow Monitoring feature t is available only to organizations that meet the following requirements:
- Organization needs to have a license count of at least 5,000, from either one of, or a combination of the following products: Office 365 E3, Microsoft 365 E3, Office 365 E5, Microsoft 365 E5. For example, your organization can have 3,000 Office 365 E3 licenses and 2,500 Microsoft 365 E5, for a total of 5,500 licenses from the qualifying products.
- Organization needs to have at least 50 monthly active users for one or more core workloads – Teams, OneDrive for Business, SharePoint Online, Exchange Online and Microsoft 365 apps.
How to configure and review Priority Account Protection?
To configure and review Priority Account Protection, you need to follow these steps:
In the Microsoft 365 Defender portal at https://security.microsoft.com, go to Settings > Email & collaboration > Priority account protection.
On the Priority account protection page, turn on Priority account protection ( ). To add users as priority accounts, click on Manage priority accounts.
On the Manage priority accounts page, click on Add users.
In the Add users dialog box, search for the users you want to add as priority accounts and select them from the list. You can also use groups or distribution lists to add multiple users at once. Click on Add.
You can also manage priority accounts from https://admin.microsoft.com portal
Removing Priority Accounts
- To remove users from the priority accounts list, select them on the Manage priority accounts page and click on Remove users.
- To review the differentiated protection for priority accounts, go to Reports > Email & collaboration > Threat protection status report.
- On the Threat protection status report page, use the User tags filter to select Priority account protection.
- You will see a summary of the email threats detected and blocked for your priority accounts in the last 30 days. You can also drill down into specific threat types or actions by clicking on them.
Security recommendations for priority accounts
- Priority accounts require increased sign-in security. You can increase their sign-in security by requiring multi-factor authentication (MFA) and disabling legacy authentication protocols.
- Implement this stringent approach for priority accounts by using the Strict profile in preset security policies.3. User tags in Microsoft Defender for Office 365 a way to quickly identify and classify specific users or groups of users in reports and incident investigations.
Conclusion
Priority Account Protection is a powerful feature that can help you protect your most critical users from email-based attacks. By tagging your priority accounts and enabling Priority Account Protection in Microsoft Defender for Office 365, you can ensure that they receive a higher level of protection and visibility than regular users. You can also monitor their email delivery health and performance with Premium Mail Flow Monitoring. To learn more about Priority Account Protection and other features of Microsoft Defender for Office 365.