This document contains important information about the F-Secure Elements for Microsoft 365 (formerly known as F-Secure Cloud Protection for Microsoft Office 365). We strongly recommend that you read the entire document before you start using the product.
- Supported browsers
- F-Secure Elements for Microsoft 365 portal supports the latest versions of the following browsers:
- Mozilla Firefox
- Google Chrome
- Microsoft Edge
- Safari
- Supported languages
- The F-Secure Elements for Microsoft 365 portal and documentation are localized to the following languages:
English, Finnish, French, German, Italian, Japanese, Polish, Portuguese (Brazil), Spanish (Latin America), and Swedish.
Overview
F-Secure Elements for Microsoft 365 helps organizations mitigate risks to their business emails by protecting Microsoft Office 365 against increasingly sophisticated phishing attacks and malicious content. Seamless cloud-to-cloud integration eliminates the need for middleware or expensive IT work, making F-Secure Elements for Microsoft 365 a cost-effective solution that is easy to manage.
F-Secure Elements for Microsoft 365 is a cloud-based solution to detect, protect from, and respond to security threats in Microsoft Office 365.
In addition to Microsoft Office 365 email messages, the solution also protects other Exchange items, such as tasks, calendar appointments, contacts, and sticky notes, against malicious content and URLs. Combined with F-Secure’s award-winning endpoint protection, detection, and response capabilities, the solution provides more comprehensive protection for your business than any email security solution alone. Cloud-to-cloud integration makes the solution easy to deploy and manage.
Product updates
This section lists the changes implemented for F-Secure Elements for Microsoft 365.
Released October 19, 2021
New features and improvements:
- Improved the display of license usage information in the Exchange Online tab on the Cloud services page.
- A partner view of the Cloud services page now shows the combined data from multiple services.
- Improved the display of the Cloud services page and the Detections list page for users with read-only access.
Bug fixes:
- Fixed minor display issues in the Exchange Online tab on the Cloud services page.
- Warning messages now appear properly when a policy is being modified.
- Fixed the issue of system events not showing in a certain rare circumstance.
- The Cloud services page now displays properly when viewed on a small screen.
Released October 11, 2021
Bug fixes:
- When the service is disconnected, duplicate system events are no longer created.
Released October 05, 2021
New features and improvements:
- A new user mailbox status chart was added to the Exchange Online tab in the Cloud service Details page. The chart depicts the use of user (and non-user) mailboxes and licenses.
- Additional suspicious Inbox rule detections were added to allow the system to detect even more suspicious Inbox rules.
- A new “Detections Management” functionality was added. The new functionality allows you to change the status of a detection, for example, from “New” to “Acknowledged” or “Resolved”. Furthermore, you can add comments to detections, either as notes to other administrators (for example, to inform them of the result of a detection investigation), or just as a note to yourself. Also filtering and sorting options related to this functionality have been added to make the detection management easier.
- New filters were added to the Quarantine view.
Released September 28, 2021
Fixed issues:
- Fixed a number of minor display issues when logging in as a Read-only user.
- The link in the “Top Affected Mailboxes” dashboard item now directs to the Detections page with the correct filter applied.
Released September 21, 2021
Improvements:
- Improved suspicious Inbox rule detections by adding support for additional suspicious Inbox rule names
Fixed issues:
- “Read Only” users can now see scheduled reports on the Reports page.
Released September 13, 2021
Improvements:
- Improved the security and system performance.
- Minor improvements to the look and feel of the portal, for example, the Detections and Quarantine views are now more consistent.
Fixed issues:
- Previously disconnected cloud services now reconnect properly.
Released September 7, 2021
Improvements:
- Improved the handling of long file extensions in statistics
- Improved the performance of various backend systems
Fixed issues:
- Fixed several small bugs
Released August 27, 2021
New features and improvements:
- Improved the display and usability of the Detection details view.
- Improved the consistency and usability of the Dections list page, for example, the Detection details view is now easier to access.
Fixed issues:
- The reputation and prevalence of a detection can no longer have a value of 0 in the Detection details view.
- Older events can now be displayed in the System events page.
Released August 17, 2021
Fixed issues:
Cloud services now correctly show “Configure protection” in the Status column after being authorized for the first time.
Released August 10, 2021
New features and improvements:
- The date of the last check was added to the Compromised accounts page.
- A new feature, advanced Inbox Rule scanning, was added that scans for suspicious and known malicious rule names.
- Numerous “under the hood” changes were made to support significant new functionality that is upcoming.
Fixed issues:
- Compromised account detections are now refreshed when changes are made to the mailbox protection.
- Read-only users can now list reports on the Reports page.
- A pagination issue in the System events page was resolved.
Released July 13, 2021
New features and improvements:
- Improved handling of quarantined items that have entered error state.
- Improved user experience of the System Events page.
- Improved table visibility for small resolution screens on the Detections page.
Fixed issues:
- This update enhances the quality of the system performance.
Released July 06, 2021
Fixed issue:
- The links from the Dashboard to the Details page are no longer shown for the Quarantine Manager users.
Released June 29, 2021
Fixed issues:
- When Realtime scanning is turned off, the Exchange online tab now shows the unprotected status of the mailboxes
- The subject of the Inbox rule notification message is now in line with other notification subjects
- Resilience to EWS authentication errors has been increased
Released June 17, 2021
Fixed issues:
- The Detection details view now shows “N/A” if the quarantine ID is not available
Released June 9, 2021
Improvements:
- Performance and stability improvements
Released June 1, 2021
Fixed issues:
- Fixed a pagination bug on the Reports task view
Released May 19, 2021
New features and improvements:
- F-Secure Cloud Protection for Microsoft Office 365 is now F-Secure Elements for Microsoft 365. It is available under F-Secure Elements Security Center (elements.f-secure.com).
- New localizations (Spanish and Portuguese) were added to the portal
Fixed issues:
- The incorrect information and the icon for subscriptions that are expiring within 30 days were fixed in the Subscription view
Released May 4, 2021
Fixed issues:
- When you access the Cloud service Details or Detections view of a company and then change the scope to another company, instead of receiving an error message or seeing an empty page, you are now redirected to the main Detections or Cloud service view.
Released April 27, 2021
New features and improvements:
- The top affected mailboxes widget on the Dashboard was improved to show detections per severity levels for the affected users
- The visibility of the status of the disconnected tenants and tenants who have real-time scanning turned off has been improved
- The notifications of search queries that take a long time to execute have been improved.
- A number of visual improvements were made to UI icons, views, colors etc.
Fixed issues:
- Fixed issue in sorting on Exchange Online page
Released April 13, 2021
New features and improvements:
- The existing “Modify the subject” action has been changed to “Change subject and unlink URLs” when a malicious or suspicious URL is detected. This improves the security by making links unclickable.
- A notification was added to avoid slow queries on the Detections list
Released April 6, 2021
New features and improvements:
- The new Subscriptions view provides insight into the use of subscriptions and licenses, which helps resellers in selling F-Secure products and identifying possible sales opportunities
- A new subscription widget and notification banner were added to the main dashboard
Released March 23, 2021
New features and improvements:
- A new feature was added that allows the customization of user email notifications based on the severity of the detections. Administrators can now select to send notifications for certain severity levels using the new policy setting
- The portal is now localized in the following new languages: Italian, Polish, and Swedish
- Links were added from the Dashboard Mailbox status widget to the filtered Exchange Online view
- The breached account detection details were improved. They now show the date when the actual breach occurred and the date when the breach was detected.
Fixed issues:
- The email notification template for compromised accounts can now be edited and saved
Released March 16, 2021
New features and improvements:
- Added dates for the password change at the time of detection and the last password change in the Detection details view
- Changed the column heading in the portal’s Quarantine view to “Quarantine ID”
- Renamed “Security alerts” to “Detections” in the default template for email notifications
- Added permissions for read-only users to view the Compromised Accounts page in the PSB portal
Released March 9, 2021
New features and improvements:
- Optimize the scanning performance by caching preliminary scan results
Fixed issues:
- Support links are no longer blocked by a popup blocker
- The button for adding a cloud service when there are no active license keys is now grayed out.
- Scanning no longer fails if a policy is set to “Modify subject” when harmful URLs are found and the original Exchange item has no subject.
Released March 2, 2021
New features and improvements:
- Added a new mailbox management feature for configuring mailboxes for protection. To provide protection in the ever-changing email threat landscape, good manageability of an email security solution allows administrators to set up the solution and the protection levels to secure the mailboxes in the best possible way. Using the Mailbox management feature, administrators can easily set up protection for selected mailboxes. The new feature provides administrators with a security overview of all the mailboxes at all time. Learn more about the feature at https://community.f-secure.com/other-business-en/kb/articles/8961-f-secure-cloud-protection-for-microsoft-office-365-s-mailbox-management-feature-explained
Released February 22, 2021
Improvements:
- Improved the user notification text for compromised accounts detections
Released February 16, 2021
Fixed issues:
- Fixed overlapping columns in the Detections table in the Partner view
Released February 9, 2021
Fixed issues:
- The correct system event is now shown when a cloud service is automatically disconnected because of not being authorized to connect to the Exchange service.
- Fixed an issue in a localized notification template for compromised accounts
- Fixed a bug in quarantining non-email items
Released January 26, 2021
New features and improvements:
- Added a new feature for detecting compromised email accounts in a protected domain. Compromised accounts are an easy way for attackers to get into an organization. Attackers who remain undetected can cause extensive damage by internal phishing campaigns, impersonations, and stealing of sensitive information. Learn more about the feature at https://community.f-secure.com/other-business-en/kb/articles/8896-f-secure-cloud-protection-for-microsoft-office-365-s-compromised-email-account-feature-explained
- Removed the manual mode for deploying a new cloud service. The deployment process is now simplified: By default, a new cloud service is deployed automatically and there is no need to select the mode during the deployment.
Released January 20, 2021
New features and improvements:
- Updated the Severity tooltip text for Detections in the portal
- Improved the System event messages to include the name of a cloud service when the subscription key is changed or the cloud service renamed
Fixed issues:
- Added input validation to the Trusted and Blocked website fields in the portal
- Improved the input parsing of websites for unsupported characters
- Fixed an issue in the portal Detections page for pinning companies
- Changing a subscription of a cloud service in the portal no longer disconnects the cloud service that has a valid subscription
- A dash (instead of “null”) is shown in the portal Detections page if the subject is missing
- Users are no longer redirected to the main dashboard from the portal Detections page when they using the quarantine manager permissions
Released December 8, 2020
New features and improvements
- Renamed “Security alerts” to “Detections” where applicable in the portal, email notifications, and other contexts. This aligning of the terminology used across domains is part of the transition towards delivering integrated portfolio solutions.
Fixed issues:
- Fixed a bug that caused an issue in releasing quarantined items
Released November 30, 2020
New features and improvements:
- Added support in the portal for selecting a subscription key when deploying a new cloud service or modifying an existing one
- Added a link to the Policy page within the portal that describes the variables used in administrator and user notification emails. Admininstartors can choose the variables that they want to include in the email notifications.
- The suspicious inbox rule is now visible in the Security alerts table page in the portal
Fixed issues:
- The severity for malware scanning now shows correctly when an action is set to “Delete malicious attachment”
- Prevented an accidental signing into another Microsoft account when a new cloud service is added if multiple accounts are available
Released October 20, 2020
New features and improvements:
- Added support for scanning Outlook inbox rules and detecting suspicious, external auto-forwarding rules which attackers can use to exfiltrate information from a user’s inbox. Find more information about the inbox rules scanning feature in the Features section below.
- Added support for Partner’s NFR (Not for resale) license so that partners no longer need to use two different accounts to manage their own and customers’ subscriptions for F-Secure Elements for Microsoft 365. All can now be managed with a single account. The partner organizations are visible in the scope selector drop-down list in the portal. Customer organizations can be viewed and managed in the same way.
- Improved the visibility of the policies in the portal by marking them as “Public” or “Private”. Public policies are visible by either all organizations (the F-Secure default policy) or all customers that are managed by the partner who created the policy. Private policies are only visible to the company that created the policy.
- User names and roles are now visible in the Portal header
- Visual improvements to the Item details view under Quarantine in the portal.
- Subject of the notification emails for malicious files and URLs is now customizable
- The security alerts widget on the Dashboard now includes also low-severity alerts
- Updated the icon for the portal walk-through links and moved it to the Portal header
Fixed issues:
- Fixed an infinite spinner in Portal
- Fixed UI views of overlapping contents in Portal
- Added missing tool-tip for generating an authorization link in Portal
Released September 24, 2020
Fixed issues:
- Fixed a bug that prevented the correct listing of attachments released from quarantine in the browser thread
- Fixed a bug that affected the continuous loading of the Help icon
- Fixed a bug relating to the width of the modal window in the portal
- Fixed a bug that affected the resizing of the text areas in the modal window for a policy
- Fixed a bug that affected missing count validation for trusted senders in the modal window for a policy
Released September 17, 2020
New features and improvements:
- Improved the “Trusted sender” settings for low-severity alerts and notifications. If harmful content is received from configured trusted senders, no action is taken.
- Added support for automatically disconnecting from the cloud service when authorization to the Exchange has been removed. When this happens, a system event message appears.
- Improved UI elements in the portal
Released September 14, 2020
New features and improvements:
- Improved the view in the portal when creating a policy, as well as certain feature settings that have been regrouped
- Added support to enhance the visibility of reported URLs with false positives to all users across an organization
- Improved URL scanning requests and filtering for private IPv4 and IPv6 address ranges
- Added support that defines the retention period for quarantined items. The items are removed from quarantine after the retention period is over.
- Added support to modify the subject in Tasks and Notes items
Fixed issues:
- Fixed a bug that handles unconfirmed accounts in the portal
- Fixed the email notification message about harmful URLs to include reported harmful URLs only once
- Fixed a bug in the column sorting in the Security Alerts details view
Released September 1, 2020
New features and improvements:
- Improved user-facing notifications and removed the URL reputation number
- Added a system events message for disconnecting the cloud service when a license has expired
Fixed issues:
- Fixed the bug about missing attachments in calendar items when releasing attachments
Released August 18, 2020
New features and improvements:
- Items released from Quarantine are now considered trusted and will not be scanned again
- Portal links to Security alerts and Quarantined items can now be added in the admin security notifications
- When assigning a policy, the Connection name is now displayed in the System Event
Released August 11, 2020
New features and improvements:
- Add ed support that enables sorting by multiple columns in table view
- Add ed a tooltip that gives a status description for the cloud service
- Update d the label that generates the URL consent when adding a new cloud service
- Added the following columns to the Security alerts table: Received on and Folder name
Released July 28, 2020
New features and improvements:
- Added support for localized system event messages. System event messages will be displayed in the language selected for the user in the portal.
- Added caching support for URL reputation checks. The response time for URL reputation checks is reduced if the result is available in the cache.
- Improved the color contrast for the security alerts chart on the Dashboard
Fixed issues:
- Fixed scan retries on failure during scans
Released July 17, 2020
New features and improvements
- Improved error handling during login
- Added tooltips to portal menu items
- Improved table headers to remain visible while scrolling
Released July 16, 2020
New features and improvements:
- Added subject column and icons to indicate count of file/url associated with a security alert to Security alerts table view
- Added include/does not include operators to Quarantine, Security alerts filters
Released June 30, 2020
New features and improvements:
- Added filters for Subject, URL, Attachment name, and Attachment extension to the security alerts table view
- Added the Subject modified option to the Action taken filter in the security alerts table view
Fixed issues:
- Fixed a bug in the protection trend chart on the Dashboard
- Fixed a misaligned info icon on the Partner Dashboard
Released June 23, 2020
New features and improvements:
- Added tooltips for the types of security alerts
- Added time filters to system events
Released June 16, 2020
New features and improvements:
- Added the Event ID filter to the security alerts view
Released June 15, 2020
Fixed issues:
- Fixed a bug related to customer environments with a large number of unprotected mailboxes
Features
Compromised account detection
Email is one of the biggest threat vectors for companies of all sizes. Access to user email accounts often grants access to a wide range of other company services and gives attackers an opportunity to steal company and customer data. A breached account is an easy way for the attacker to get into an organization. The attacks done using a breached account, such as phishing campaigns or impersonation, are hard to detect because they use a legitimate company user account. The Compromised account detection feature detects compromised accounts as soon as information about the breach is available. It informs users and administrators to take action to remediate the accounts by changing the password or by taking other security measures, such as turning on the multi-factor authentication to avoid further exploitation of the breached data.
Inbox rule scanning
Inbox rules in Outlook work as a trigger to perform specific actions on incoming emails automatically. After gaining access to a mailbox, an attacker creates inbox rules to carry out different types of attacks, such as auto-forwarding and auto-deleting of emails. The scanning feature analyzes all the inbox rules in a mailbox. This analysis helps to detect any suspicious rules that may indicate a compromise of the account. It also notifies the owner of the mailbox and the administrators to take action.
File protection
F-Secure Elements for Microsoft 365 scans for harmful contents in file attachments found in Exchange items to protect against viruses, trojans, ransomware, and other advanced malware. It offers far superior protection compared to traditional technologies by leveraging real-time threat intelligence gathered from tens of millions of security clients, providing faster and better protection against new and emerging threats.
URL protection
URL protection is a key security function that proactively prevents Microsoft Office 365 users from accessing malicious or unwanted content through web links added to Exchange items such as emails, calendar appointments, tasks, contacts, and sticky notes. This makes it a particularly effective security service, as early intervention greatly reduces overall exposure to malicious content, and thus to attacks. For example, it prevents users from being tricked into accessing seemingly legitimate phishing sites and other malicious sites.
Multilayered security
F-Secure Elements for Microsoft 365 leverages F-Secure Security Cloud, which combines award-winning, multi-engine antivirus scanning, machine-learning-based heuristic analysis, and threat intelligence databases updated in real time. F-Secure Security Cloud instantly finds emerging and unseen malware variants as well as detecting a broader range of malicious features, behavior patterns, and trends.
Advanced threat detection
Advanced threat detection runs suspicious files in an isolated virtual environment (known as a sandbox) that mimics a normal computer. As the file is detonated – that is, allowed to run in the sandbox – the process examines its behavior for any harmful actions. It then returns a verdict on whether the file is clean or harmful. Clean files are allowed to run normally, while harmful files are blocked.
Advanced analytics
Advanced security analytics give full visibility into the analyzed content and ensure fast and efficient response capabilities.
Worry-free administration
Product administrators can configure settings, alerts, user notifications, and actions in accordance with their company’s security policies. The F-Secure Elements for Microsoft 365 portal allows you to manage security and quarantined items for multiple Microsoft Office 365 tenants. F-Secure partners can administer the solution for multiple end customers.
Seamless integration
F-Secure Elements for Microsoft 365 supports cloud-to-cloud integration without any need for installing additional software or making changes to servers or clients. The protection is totally platform-agnostic and capable of detecting threats regardless of which device or application is used by the end user.
Quarantine management
Microsoft Office 365 user mailbox items such as emails, calendar appointments, notes, contacts, and groups that contain harmful files or URLs can be quarantined immediately and later reviewed and restored using quarantine management.
Reporting
F-Secure Elements for Microsoft 365 allows you to create automatic scheduled reports to provide a holistic overview of the secured environment that can be shared to show the value provided by the solution over a certain period of time.