Secure U of T Advanced Threat Protections

About Advanced Threat Protections

Secure U of T’s advanced threat protection initiative uses Microsoft 365 Defender, a cloud-based service, to help protect the University against unknown malware and viruses. These security features provide an added layer of protection to identified users’ Microsoft 365 accounts and safeguard them against malicious threats posed by attachments and links (URLs) in email messages and links in documents.

Additional Resources

Timeline

This project timeline describes the implementation dates for Secure U of T advanced threat protection features. For detailed descriptions of each project phase, please see the information outlined below.



	Pilot Phase Complete
			Phase 1A Complete
					New Email Safety Tips
		Safe Links (Email)
		Safe Links (Documents)
		Safe Attachments
Anti-Phishing – Tuning
Anti-Phishing – Notification
						Anti-Phishing – Action
				Safe Documents

Phase 1A Security Add-Ons

As part of the first phase of this project, the following Secure U of T security features are currently in use at the University:

Safe Links (Email)

Safe Links checks every URL found in your incoming email and verifies that the website link is safe to view. If the link you click is determined to be safe to view, the link will work as expected. If the link is determined to contain malicious content, a warning will be displayed, and you will not be able to use the link.

With Safe Links, links in your emails will have URLs that start with this text: https://can01.safelinks.protection.outlook.com. This is an indicator that Microsoft will scan the URL to make sure that it is safe for you to access. You can copy and paste the Safe Link as you would a normal link. You can also convert Safe Links URLs back to regular URLs using this tool: https://o365atp.com/.

Safe Links (Documents)

Safe Links checks every URL found in supported M365 applications such as Word, Excel and PowerPoint documents. If the link you click is determined to be safe to view, the link will work as expected. If the link is determined to contain malicious content, a warning will be displayed.

Safe Attachments

Safe Attachments protects you from malicious attachments like Excel, Word or PDFs that contain malicious code or actions by automatically scanning incoming email attachments. If the attachment is found to be safe, it will be delivered to your inbox. If the attachment is found to be unsafe, you will receive the email but not the attachment. The attachment will be replaced with a text file called “Malware Alert Text.txt” that contains a warning. This process is automated: the files are never seen by humans, and the safe attachments are not retained.

Learn more in the Enterprise Service Centre.

Phase 1B Security Add-Ons

The following Secure U of T anti-phishing features are currently being implemented for select users as part of phase 1b. The implementation of anti-phishing enhancements will be in three phases. Users may be in different phases at different times.

Anti-Phishing Phase 1: Tuning

Phishing and spoofed email alerts for identified M365 accounts will be reviewed by ITS staff to tune the service by identifying legitimate senders who could have a similar domain or display name to the accounts the University is protecting. This first phase is ‘invisible’ and will not impact users’ email experience.

Anti-Phishing Phase 2: Notification

Users will be alerted to possible phishing attempts by displaying safety tips in the body of suspicious emails they receive. This will help them determine if they should not trust the sender of an email. For additional examples of possible safety tips, view this knowledge base article.

Anti-Phishing Phase 3: Action

Identified phishing emails will be automatically moved to users’ Junk Email folders.

Additional Email Safety Tips

In addition to the anti-phishing features described above, Information Technology Services will also add new safety tips to all U of T email accounts. As of September 7, 2021, external emails will no longer display the  current external email banner. Instead, users will ONLY see safety tips at the top of emails originating from outside the University in the following scenarios:

When they receive email from someone for the first time OR from someone who does not email them often:
The From address contains the name of a defined person at the University who the email sender could potentially be impersonating: 
This change provides our community with enhanced protection against cyberattacks and eliminates the need to display external banners on all emails.

Learn more in the Enterprise Service Centre.

Phase 1c Security Add-Ons

The following Secure U of T security features are currently being implemented for select users as part of phase 1c. Please see the timeline below for additional information.

Safe Documents

Safe Documents uses Microsoft threat detection software to determine if Office documents are malicious files, opening them by default in protected view. Safe Documents will then automatically verify the documents against the latest known risks and threat profiles before allowing users to leave the protected container.

Learn more in the Enterprise Service Centre.

Additional Information

Project Communications

Phase 1A

Notice for end users

Phase 1B

Project Team

Gerald Lindo, Project Manager, EASI
Haniyeh Yousefpour, Project Manager, Information Security
Isaac Straley, Chief Information Security Officer, Office of the CIO
Kathleen McLeod, Services Engagement Coordinator, EASI
Mike Wiseman, Associate Director, Strategic Security Initiatives, Information Security
Sue McGlashan, Manager, Information Risk Management, Information Security
Tanya Shattuck, Office 365 Administration & Security Manager, EASI
Vicki Vokas, Manager, Enterprise Digital Workplace, EASI