Phase 1b notice for IT community

Dear colleagues, 

Information Technology Services (ITS) will apply additional security features to prioritized users’ University of Toronto (U of T) Microsoft 365 (M365) accounts as part of the rollout of Secure U (of T) advanced threat protections. These new features use advanced Microsoft Defender analytics to proactively identify cyberattacks in order to protect users’ email accounts and documents. 

We would like to enable this for end users on the 5th July.  Attached is an email template for you to notify them of these additional protections.  If you have concerns, please reach out to us. 

Read more on these additional security features below. Note. There will be additional features in the future and you will be informed as they become available. 

Anti-Phishing and Impersonation Protections  

The implementation of anti-phishing enhancements will be in three phases. Users may be in different phases at different times. 

Phase 1: Tuning 

Phishing and spoofed email alerts for identified M365 accounts will be reviewed by ITS staff to tune the service by identifying legitimate senders who could have a similar domain or display name to the accounts the University is protecting. This first phase is ‘invisible’ and will not impact users’ email experience. 

Phase 2: Notification 

Users will be alerted to possible phishing attempts by displaying safety tips in the body of suspicious emails they receive. This will help them determine if they should not trust the sender of an email. For additional examples of possible safety tips, view this knowledge base article. 

Phase 3: Action 

Spoofed emails (where the From address in an email message doesn’t match the domain of the email source) will be automatically moved to users’ Junk Email folders.   

For additional information on the features included in this next phase of the project, please review this documentation. For questions, please submit a ticket through the Enterprise Service Centre at uoft.me/m365help. 

Kind regards, 

Information Security 

Enterprise Applications & Solutions Integration