The best way to deal with phishing emails that contain malicious files is to make sure they never reach the destination inbox. However, Microsoft will deliberately push specific messages through email filters so that admins can provide training and awareness.

The company said, on the Feature Roadmap Page, that this will be made possible using a self-remediation portal that will allow Office 365 admins to whitelist or blacklist specific items, including those captured by the Office 365 Exchange Online Protection filtering stack.

Provisions for training

The company said that they understand that customers occasionally want to ensure that some messages get through even though they contain malicious content.

This is so that companies can train their employees by running phishing simulations.

To let customers reconcile this both during mail flow and at the time of click, Office 365 is creating a portal that will allow admins to self-remediate.

The Office 365 Advanced Threat Protection feature will also give users an Attack Simulator. Using this tool, admins will be able to run spear phishing, brute force, and password spray simulations. These are effective ways to test employees and protect against future attacks.

Should be out soon

Microsoft confirmed that the new features should be available worldwide at some point during the third quarter of 2020.

Phishing emails are one of the most common methods attackers employ when trying to break into company servers. Often, employees are overworked and in a rush to beat deadlines. They may fail to double-check where the email is coming from, and once they open it, they open the company up to risk.

Through training, safeguards can be put in place to defend against these attacks.