As part of the Secure U of T program, the University of Toronto (U of T) is enhancing protection for the Microsoft 365 environment by implementing new security features to better align with information security best practices and to ensure a secure work environment, especially to enable safe remote work.
| Feature | Purpose | |
|---|---|---|
| Safe Documents | Safe Documents protects users against malicious content by opening untrusted Word, Excel and PowerPoint documents in Protected View and automatically verifying them against the latest known risks and threat profiles. | |
| Safe Links for email, documents and Microsoft Teams | Protects users from malicious threats posed by links in incoming emails, Office 365 documents and conversations, group chats and channels within Microsoft Teams. A warning will be displayed if a link is determined to contain malicious content. | |
| Safe Attachments for email, SharePoint, OneDrive and Microsoft Teams | Provides an additional layer of protection against unknown malware. Files identified as malicious will be blocked and a warning will be displayed, preventing end user devices from getting infected. | |
| Anti-impersonation for email | Reduces the likelihood of scammers impersonating legitimate senders such as senior U of T leadership. If someone attempts to impersonate a legitimate sender by using a look-alike display name, the scam email will be sent directly to the junk folder. | |
| Microsoft Defender for Identity | Leverages user login signals to identify, detect and investigate advanced threats, compromised identities and malicious actions directed at users. | |
Frequently asked questions
Security and Privacy M365
Individual’s personal use of University networks or devices will not be monitored. Data collected will only be used for protection against security threats and will not be used to support investigations related to employee productivity, attendance/activity and/or any other general monitoring of behaviour not directly associated with security threat protection at the University.
Access to information is limited to authorized information security staff who are required to sign a confidentiality agreement with the university as part of a formal access request and approval process. Additionally, Microsoft security tools use artificial intelligence to analyze data and designated staff interact with the data only when a threat alert is triggered.
Microsoft employees do not interact with data unless they are directly engaged by the University for assistance and troubleshooting. Aggregate data may be used by Microsoft for service improvement purposes but only in a manner where it is not linked to any identifiable individual.
The Safe Links feature scans links for potentially malicious content when they are clicked on by a user. A warning is displayed if a link is determined to be malicious.
To learn more about the Safe Links feature, please review the article Secure U of T advanced threat protections: Safe Links for email, Teams and documents.
Safe Attachments works to identify malicious files/attachments. Files identified as malicious are blocked and a warning is displayed, preventing end user devices from getting infected.
To learn more about the Safe Attachments feature, please review the article Secure U of T advanced threat protections: Safe Attachments for email, OneDrive, SharePoint and Teams.
The anti-impersonation feature uses artificial intelligence to distinguish between messages from legitimate senders and impersonated senders. This feature also checks emails originating from non-U of T email addresses against a pre-defined list of display names belonging to senior leaders at U of T. This means that if someone attempts to impersonate a senior leader by spoofing/using their name or email address to contact U of T recipients, the scam email will be sent directly to users’ junk folders.
To learn more about the anti-impersonation feature, please review the article Secure U of T advanced threat protections: anti-phishing protection.
In rare cases, legitimate emails from legitimate senders may be marked as spam and sent to the junk folder. If this happens, users can follow these instructions to prevent this from reoccurring.
Resources
- Secure U of T advanced threat protections: overview
- Safe Links for email, Teams and documents
- Safe Attachments for email, OneDrive, SharePoint and Teams
- Anti-phishing protection
- Ensuring that email messages incorrectly marked as spam are received in the future as valid mail
- External IT Knowledge – Microsoft Defender for Identity (MDI) (service-now.com)
- Microsoft 365 Defender @ U of T – Enterprise Applications and Solutions Integration
Contact
If you have questions, please contact your local IT support or visit https://uoft.me/m365help.