Microsoft Priority Accounts

United States | Microsoft Priority Accounts

Most organizations have users they want to pay special attention to. They might be the C-suite members, managers, or they might even be someone who has a high profile outside the organization. For these people Microsoft have introduced a capability called Priority Accounts in Microsoft 365. Once designated, these accounts are tagged to leverage app-specific features designed for them. Initially Microsoft have made two capabilities available for priority accounts: priority account protection and premium mail flow monitoring.

PRIORITY ACCOUNT PROTECTION

Priority accounts are often the targets of phishing campaigns and other cyber-attacks, either because they have access to sensitive data or because they are more prominent outside of the organization. Using Microsoft Defender for Office 365 (formerly Office 365 Advance Threat Protection) any alerts generated on accounts tagged as Priority Accounts are highly visible in the alert queue, allowing security teams to focus on these alerts first. If you have a team dedicated to support Priority Accounts, you can even direct alerts related to Priority Accounts specifically to the members of that team for further investigation and allow other teams to investigate alerts from other users.

United States | Microsoft Priority Accounts

Microsoft have also made it much clearer in Threat Explorer when attacks have impacted Priority Accounts and provided the ability to filter on Priority Accounts to further help prioritise certain investigations.

United States | Microsoft Priority Accounts

Campaign views within Defender for Office 365 also provide the ability to filter on Priority Accounts, allowing security teams to identify campaigns that impact Priority Accounts.

United States | Microsoft Priority Accounts

Microsoft also announced the following features would be available in the coming months:

  • Submissions from Priority Accounts via the Report message add-in will be tagged allowing security teams to focus on these submissions over others
  • Emails targeted at Priority Accounts and quarantined will be tagged as such, allowing security teams to look specifically at malicious emails for these users

All of these features utilise the ability to tag certain users as Priority Account. Security teams can also optimize their focus and customize tags for their specific use case. For example, security teams can choose to define a tag called ‘susceptible users’ to describe those users who have an increased propensity to fall prey to attacks, and these tags will be available in the security workflows mentioned above.

PREMIUM MAIL FLOW MONITORING

Timely email is critical for certain people within an organization. Once Priority Accounts have been designated they are monitored for mail flow issues. When an issue occurs, an alert will be generated to notify the admin and they will be able to view the detailed information in the Exchange admin center.

United States | Microsoft Priority Accounts

REQUIREMENTS

Unfortunately, what you need to meet the requirements for Priority Accounts is a bit confusing. The Microsoft Docs page for Priority Accounts (found here) states an organization must be using Office 365 E3 or Microsoft 365 E3, or Office 365 E5 or Microsoft 365 E5 and have at least 10,000 licenses and at least 50 monthly active Exchange Online users. For the Priority Account Protection feature the licensing requirement is Defender for Office 365 Plan 2, including those with Office 365 E5, Microsoft 365 E5, or Microsoft 365 E5 Security. The 10,000 licenses limit rules out a significant number of organizations, so whether you can have one without the other is unknown for now. Hopefully this licensing requirement is just in place until Microsoft can scale the solution and guarantee performance.

Configuring premium mail flow is also the only documented way to assign the Priority Account tag to users, however during my testing I’ve found you can edit the Priority Account tag by accessing https://protection.office.com/userTags and add users to it. You can also create new tags here as well.

THANK YOU FOR YOUR SUBMISSION!

United States | Microsoft Priority Accounts

The form was submitted successfully.

Join the Insentra Community with the Insentragram Newsletter

Hungry for more?

If you’re waiting for a sign, this is it.

We’re a certified amazing place to work, with an incredible team and fascinating projects – and we’re ready for you to join us! Go through our simple application process. Once you’re done, we will be in touch shortly!

Who is Insentra?

Imagine a business which exists to help IT Partners & Vendors grow and thrive.

Insentra is a 100% channel business. This means we provide a range of Advisory, Professional and Managed IT services exclusively for and through our Partners.

Our #PartnerObsessed business model achieves powerful results for our Partners and their Clients with our crew’s deep expertise and specialised knowledge.

We love what we do and are driven by a relentless determination to deliver exceptional service excellence.

United States | Microsoft Priority Accounts

Insentra ISO 27001:2013 Certification

SYDNEY, WEDNESDAY 20TH APRIL 2022 – We are proud to announce that Insentra has achieved the  ISO 27001 Certification.