External Sharing Link Detection and Expanded Tenant Controls

INKY's latest update enhances email security with new External Sharing Link threat detection, Delegated Tenant Access, and added control over encrypted message read receipts.

Back

This update introduces a new External Sharing Link threat category to flag potentially risky links from third-party services like SharePoint and OneDrive, with support for more platforms planned. Admins can configure trusted tenant domains to bypass this warning. Additionally, Delegated Tenant Access now allows parent administrators to access mail content in a secure, controlled manner. INKY also adds an option for end-users to request read receipts on encrypted messages, and an enhanced rule editor summary improves visibility of outbound mail protection settings. Other updates include improved Cybsafe phishing training IP matching and a bug fix for message list scrolling.

Receiving sharing links from third parties has been the cause of many concerns due for phishing. We've added a new Caution Threat Category called External Sharing Link. This category will currently work against SharePoint and OneDrive shared objects but will expand to other third-party services in the future.

The protection will be enabled by default but will not contain any “Trusted” Microsoft tenants.

Image

For Microsoft Tenants that you DO NOT wish to receive an External Sharing Link warning you can simply add their tenant's name in the “Do not warn about the following trusted Microsoft tenant domains” multi-box and it will suppress the External Sharing Link threat category for that tenant.

The tenant's name is the subdomain of the tenant address found within an M365 system that ends in .onmicrosoft.com for example, polvocapital.onmicrosoft.com - polvocapital would be entered in the multi-box to suppress the External Sharing Link threat category for Polvo Capitals tenant.

The External Sharing Link threat category by itself is just a caution banner, however, if it's coupled with additional categories, such as First-Time Sender, it'll push towards being a dangerous message more quickly than previously. It's also possible that the External Sharing Link threat category rises to a Danger threat level by itself if it's coupled with raw suspicious text, such as Contract Bid, Quote Request, Secured Document or other similar terms that are more frequently used in phishing attempts.

Configured your External Sharing Link at the bottom of Analysis - INKY and for our customers that utilize Organizations to manage many teams this setting can be inherited from the Organization profile.

Delegated Tenant Access

Found at the bottom of API Access - INKY for a given team you'll find an option to enable or disable Delegated Access to Tenant Mail Content.

When Delegated Mail Content Access is enabled, parent and ancestor organization administrators will be authorized to access sensitive mail content within your tenant, such as the body of the mail. Note that this applies only to administrators who can remediate mail (Policy Admin, Super Admin).

To modify this section, you must be signed in as an administrator with mail content permissions on the team's tenant and have Directory and Remediation API Access granted. This is not the MSP admin account but the end customers admin account.

Image

End-User Read Receipt Option on Encrypt Action

When adding an action to an Outbound Mail Protection rule you can select the Cog Icon to customize the action setting. This action configuration now allows you to include read receipts when sending encrypted messages.

As an admin navigate to Outbound Protection - INKY and configure your specific rule and when you add the encryption action you can select “Send Read Receipts”

Image

When an end user opens an encrypted email by navigating through the login process the sender of the encrypted email will receive the below Email Encryption message view notification.

Image

Improved Rule Editor Summary Description

Adding a readable action summary to the Outbound Mail Protection rule editor gives admins more visibility on the exact actions that are selected.

Image

Update Cybsafe Phishing Awareness Training IP addresses

If your team utilizes Cybsafe on the Phishing Awareness Training - INKY we've updated the matching algorithm to ensure we identify their phishing training emails. No action is required if the Cybsafe provide is already selected.

Run-away scrolling on message list

There may have been times, when scrolling through large list of messages on the message list view within the Observations Page or Custom Dashboard. We've implemented a fix that should resolve this issue but if you continue to experience it, please reach out to support@inky.com.

Written by

Matt Sywulak

On

July 24, 2024