I have slightly revised the existing "Microsoft Defender Office 365" responder and added a new function. Previously, this responder was intended to block malicious sender domains and email addresses. However, the "Tenant Allow/Blocklist" has even more features that I wanted to use.
The following have been revised:
Descriptions and names of the responders to make it easier to understand what they do
Example "MSDefenderOffice365_block_1_0" -> "MSDefenderOffice365blocksender_1_0"
New feature:
The possibility to add a domain, FQDN or URL to the "URL" list. ("Block a URL to stop users from accessing the webpage and prevent the delivery of emails containing the URL.")
"MSDefenderOffice365_block_url_1_0"
A possible use case of this feature: QR phishing links can be blocked directly if Defender for iOS has been installed. In my test, after blocking the domain, it was almost immediately no longer possible to access the URL on the iPhone.