In rare cases, legitimate emails from legitimate senders may be marked as spam and sent to the junk folder. If this happens, users can follow these instructions to prevent this from reoccurring.

The anti-impersonation feature uses artificial intelligence to distinguish between messages from legitimate senders and impersonated senders. This feature also checks emails originating from non-U of T email addresses against a pre-defined list of display names belonging to senior leaders at U of T. This means that if someone attempts to impersonate a senior leader by spoofing/using their name or email address to contact U of T recipients, the scam email will be sent directly to users’ junk folders.

To learn more about the anti-impersonation feature, please review the article Secure U of T advanced threat protections: anti-phishing protection.

Safe Attachments works to identify malicious files/attachments. Files identified as malicious are blocked and a warning is displayed, preventing end user devices from getting infected.

To learn more about the Safe Attachments feature, please review the article Secure U of T advanced threat protections: Safe Attachments for email, OneDrive, SharePoint and Teams.

The Safe Links feature scans links for potentially malicious content when they are clicked on by a user. A warning is displayed if a link is determined to be malicious.

To learn more about the Safe Links feature, please review the article Secure U of T advanced threat protections: Safe Links for email, Teams and documents.

Access to information is limited to authorized information security staff who are required to sign a confidentiality agreement with the university as part of a formal access request and approval process. Additionally, Microsoft security tools use artificial intelligence to analyze data and designated staff interact with the data only when a threat alert is triggered.

Microsoft employees do not interact with data unless they are directly engaged by the University for assistance and troubleshooting. Aggregate data may be used by Microsoft for service improvement purposes but only in a manner where it is not linked to any identifiable individual.

Individual’s personal use of University networks or devices will not be monitored.  Data collected will only be used for protection against security threats and will not be used to support investigations related to employee productivity, attendance/activity and/or any other general monitoring of behaviour not directly associated with security threat protection at the University.