Secure U of T Advanced Threat Protections

About Advanced Threat Protections

Secure U of T’s advanced threat protection initiative uses Microsoft 365 Defender, a cloud-based service, to help protect the University against unknown malware and viruses. These security features provide an added layer of protection to identified users’ Microsoft 365 accounts and safeguard them against malicious threats posed by attachments and links (URLs) in email messages and links in documents.

 

Additional Resources

Timeline

This project timeline describes the implementation dates for Secure U of T advanced threat protection features. For detailed descriptions of each project phase, please see the information outlined below.

  • A – Milestone: Pilot Phase Complete, Occurs December 2020
  • B – Milestone: Phase 1A Complete, Occurs April 2021
  • C – Milestone: New Email Safety Tips, Occurs September 2021
  • D – Task: Safe Links (Email), Starts February 2021, Ends April 2021
  • E – Task: Safe Links (Documents), Starts February 2021, Ends April 2021
  • F – Task: Safe Attachments, Starts February 2021, Ends April 2021
  • G – Task: Anti-Phishing – Tuning, Starts January 2021, Ends July 2021
  • H – Task: Anti-Phishing – Notification, Starts January 2021, Ends September 2021
  • I – Task: Anti-Phishing – Action, Starts November 2021, Ends December 2021
  • J – Task: Safe Documents, Starts April 2021, Ends November 2021

Phase 1A Security Add-Ons

As part of the first phase of this project, the following Secure U of T security features are currently in use at the University:

Safe Links (Email)

Safe Links checks every URL found in your incoming email and verifies that the website link is safe to view. If the link you click is determined to be safe to view, the link will work as expected. If the link is determined to contain malicious content, a warning will be displayed, and you will not be able to use the link.

With Safe Links, links in your emails will have URLs that start with this text: https://can01.safelinks.protection.outlook.com. This is an indicator that Microsoft will scan the URL to make sure that it is safe for you to access. You can copy and paste the Safe Link as you would a normal link. You can also convert Safe Links URLs back to regular URLs using this tool: https://o365atp.com/.

Safe Links (Documents) 

Safe Links checks every URL found in supported M365 applications such as Word, Excel and PowerPoint documents. If the link you click is determined to be safe to view, the link will work as expected. If the link is determined to contain malicious content, a warning will be displayed.

Safe Attachments

Safe Attachments protects you from malicious attachments like Excel, Word or PDFs that contain malicious code or actions by automatically scanning incoming email attachments. If the attachment is found to be safe, it will be delivered to your inbox. If the attachment is found to be unsafe, you will receive the email but not the attachment. The attachment will be replaced with a text file called “Malware Alert Text.txt” that contains a warning. This process is automated: the files are never seen by humans, and the safe attachments are not retained.

 

Learn more in the Enterprise Service Centre.

Phase 1B Security Add-Ons

The following Secure U of T anti-phishing features are currently being implemented for select users as part of phase 1b. The implementation of anti-phishing enhancements will be in three phases. Users may be in different phases at different times.

Anti-Phishing Phase 1: Tuning 

Phishing and spoofed email alerts for identified M365 accounts will be reviewed by ITS staff to tune the service by identifying legitimate senders who could have a similar domain or display name to the accounts the University is protecting. This first phase is ‘invisible’ and will not impact users’ email experience.

Anti-Phishing Phase 2: Notification 

Users will be alerted to possible phishing attempts by displaying safety tips in the body of suspicious emails they receive. This will help them determine if they should not trust the sender of an email. For additional examples of possible safety tips, view this knowledge base article.

Anti-Phishing Phase 3: Action

Identified phishing emails will be automatically moved to users’ Junk Email folders.

Additional Email Safety Tips

In addition to the anti-phishing features described above, Information Technology Services will also add new safety tips to all U of T email accounts. As of September 7, 2021, external emails will no longer display the  current external email banner. Instead, users will ONLY see safety tips at the top of emails originating from outside the University in the following scenarios:

  • When they receive email from someone for the first time OR from someone who does not email them often:Safety tip for infrequent contact
  • The From address contains the name of a defined person at the University who the email sender could potentially be impersonating: Safety tip for similar name to contactSafety tip for possible impersonation
  • This change provides our community with enhanced protection against cyberattacks and eliminates the need to display external banners on all emails.

Learn more in the Enterprise Service Centre.

Phase 1c Security Add-Ons

The following Secure U of T security features are currently being implemented for select users as part of phase 1c. Please see the timeline below for additional information.

Safe Documents

Safe Documents uses Microsoft threat detection software to determine if Office documents are malicious files, opening them by default in protected view. Safe Documents will then automatically verify the documents against the latest known risks and threat profiles before allowing users to leave the protected container.

 

Learn more in the Enterprise Service Centre.

Project Team

  • Gerald Lindo, Project Manager, EASI
  • Haniyeh Yousefpour, Project Manager, Information Security
  • Isaac Straley, Chief Information Security Officer, Office of the CIO
  • Kathleen McLeod, Services Engagement Coordinator, EASI
  • Mike Wiseman, Associate Director, Strategic Security Initiatives, Information Security
  • Sue McGlashan, Manager, Information Risk Management, Information Security
  • Tanya Shattuck, Office 365 Administration & Security Manager, EASI
  • Vicki Vokas, Manager, Enterprise Digital Workplace, EASI