Last week, Microsoft announced that it's beginning to roll out the Windows 11 2022 Update which features a ton of improvements. Among them is Enhanced Phishing Protection, a tool that is designed to identify malicious sites or applications that attackers use to access login credentials. Whenever the tool detects such an instance, it automatically notifies the admin through Microsoft Defender for Endpoint.
According to a new Tech Community blog post by Sinclaire Hamilton -
"Enhanced phishing protection is baked into the Windows 11 operating system and automatically detects when users type their password into any app or site. Windows understands in real-time whether that app or website has a secure connection to a trusted website; if not, Windows will let users know if they're in danger. That means admins can know exactly when a password has been stolen and be equipped to better protect your organization. When Windows 11 protects against one phishing attack, that threat intelligence cascades to protect other Windows users interacting with other apps and sites that are experiencing the same attack as well."
How does Enhanced Phishing Protection work? Windows first observes where a password is entered, then uses SmartScreen to determine whether the application or site is legitimate. If it is not, Windows immediately warns the user and instructs them to change their password. This applies regardless of whether the password belongs to a Microsoft account, Active Directory, Azure Active Directory, or a local account. The tool also reports the incident to the IT admin through the Microsoft Defender for Endpoint (MDE) portal for investigation and remediation.
SmartScreen identifies and protects against corporate password entry on reported phishing sites or apps connecting to phishing sites, password reuse on any app or site, and passwords typed into Notepad, Wordpad, or Microsoft 365 apps.
IT admins can control which of these events end users receive warnings for via CSP/MDM or Group Policy. The feature runs in audit mode by default: password-entry events are reported to the Defender for Endpoint portal so admins can assess exposure, but users are not shown any warning.
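As an added example (not from the article or from Microsoft), the following PowerShell sets the Group Policy registry values that back Enhanced Phishing Protection, first in the default audit-only posture and then with user-facing warnings turned on. The registry path and the four value names are assumed to match the WebThreatDefense policy CSP (ServiceEnabled, NotifyMalicious, NotifyPasswordReuse, NotifyUnsafeApp); verify them against Microsoft's Policy CSP documentation before deploying.

```powershell
# Added example, not part of the article. Assumes the WebThreatDefense policy
# registry location and value names below; confirm against Microsoft's
# Policy CSP documentation. Run elevated on Windows 11 22H2 or later.

$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components'

function Get-EnhancedPhishingProtection {
    # Read back the current policy state; a $null value means "not configured".
    $names = 'ServiceEnabled', 'NotifyMalicious', 'NotifyPasswordReuse', 'NotifyUnsafeApp'
    $state = [ordered]@{}
    foreach ($n in $names) {
        $v = Get-ItemProperty -Path $PolicyPath -Name $n -ErrorAction SilentlyContinue
        $state[$n] = if ($null -ne $v) { [int]$v.$n } else { $null }
    }
    [pscustomobject]$state
}

function Set-EnhancedPhishingProtection {
    param(
        [bool]$NotifyMalicious     = $true,  # warn on password entry into a reported phishing site/app
        [bool]$NotifyPasswordReuse = $true,  # warn when the work/school password is reused elsewhere
        [bool]$NotifyUnsafeApp     = $true   # warn on password typed into Notepad, WordPad, or Office
    )
    if (-not (Test-Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    # ServiceEnabled=1 keeps the service collecting events for MDE. With every
    # Notify* value at 0 the posture is audit-only: admins see the events,
    # users see nothing. This mapping is an assumption based on the CSP docs.
    $values = @{
        ServiceEnabled      = 1
        NotifyMalicious     = [int]$NotifyMalicious
        NotifyPasswordReuse = [int]$NotifyPasswordReuse
        NotifyUnsafeApp     = [int]$NotifyUnsafeApp
    }
    foreach ($kv in $values.GetEnumerator()) {
        Set-ItemProperty -Path $PolicyPath -Name $kv.Key -Value $kv.Value -Type DWord
    }
    Get-EnhancedPhishingProtection
}

# Audit-only posture (service on, no user warnings), as the article describes for the default:
Set-EnhancedPhishingProtection -NotifyMalicious:$false -NotifyPasswordReuse:$false -NotifyUnsafeApp:$false

# Enforce user-facing warnings for all three event types:
Set-EnhancedPhishingProtection
```

Writing the values under HKLM\SOFTWARE\Policies makes them show as Group Policy settings; an MDM-managed device should get the same values through the WebThreatDefense CSP rather than direct registry edits, so the two do not fight over ownership. Read the state back with Get-EnhancedPhishingProtection after a policy refresh to confirm which notifications are actually in force.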
The feature is currently available to users who have upgraded to Windows 11 22H2. Commercial customers who want the Enhanced Phishing Protection alerts to appear in the Microsoft 365 Defender security portal, however, need a license that includes access to that portal.
Have you accessed this feature yet? Share your thoughts with us in the comment section below.