Last week, Microsoft announced that it's beginning to roll out the Windows 11 2022 Update which features a ton of improvements. Among them is Enhanced Phishing Protection, a tool that is designed to identify malicious sites or applications that attackers use to access login credentials. Whenever the tool detects such an instance, it automatically notifies the admin through Microsoft Defender for Endpoint.
According to a new Tech Community blog post by Sinclaire Hamilton -
How does Enhanced Phishing Protection work? Windows will first analyze where you enter your password, then use SmartScreen to decipher the authenticity of the application or site. It then responds immediately and alerts the users that they are required to change their password immediately, this is regardless of whether they are using a Microsoft Account, Active Directory, Azure Active Directory, or local passwordSmartScreen. The tool will also notify the IT admin of the incident through the MDE portal for further investigation and mitigation of the issue.
IT admins can control which instances end users will receive warnings for these security breaches via CSP/MDM or Group Policy. The feature is however in audit mode by default, which allows admins to assess password usage through the Defender for Endpoint portal without notifying users.
The feature is currently accessible to users who have upgraded to Windows 11 22H2. However, for commercial customers looking to receive the Enhanced Phishing Protection alerts in the M365 Defender security portal, their license must have Microsoft 365 Defender security portal access.
Have you accessed this feature yet? Share your thoughts with us in the comment section below.