Security News > 2021 > February > Office 365 will help admins find impersonation attack targets
Microsoft will make it easier for Defender for Office 365 customers to identify users and domains targeted in impersonation-based phishing attacks as recently revealed on the Microsoft 365 roadmap.
Defender for Office 365 protects the emails of Office 365 enterprise accounts from various threats including but not limited to credential phishing and business email compromise.
Security admins will be able to use new filters dubbed Impersonated user and Impersonated domain together with the Threat Explorer and real-time detections to detect organization users and domains targeted in impersonation attacks.
"Today we provide filters for Detection Technology with User impersonation or Domain impersonation which show all Phish emails caught by our impersonation detection," Microsoft explains.
"We are adding new filters called Impersonated user and Impersonated domain to enable Security Operations teams to explicitly hunt for specific users or domains within their organization that are targets of impersonation attacks."
Even though Microsoft Defender for Office 365 comes with built-in anti-phishing protection, impersonation protection is not configured or enabled in the default policy.