Make Teams messages in our tenant come from our domain like Skype does
We have a disclaimer rule to help people avoid phishing which is applied to external emails. Teams messages come from noreply@email.teams.microsoft.com Whitelisting that email address to assume it is internal doesn't seem like a good idea from a security perspective. Skype on the other hand sends from the user@mydomain.com which we can trust given we control SPF/DKIM on our domain and spoofed email from our domain is quarantined. Skype does the right thing.
Donald Teed
shared this idea
6 comments
-
Nathan Rae
commented
It is difficult to train staff to avoid Office 365 Phishing attempts by looking at the email address because any legitimate Office 365 notification comes from various external domains. For example:
Microsoft Stream <no-reply@microsoftstream.com>
Microsoft Flow <maccount@microsoft.com>
Some Employee in Teams <noreply@email.teams.microsoft.com>
Office365 Message Center <o365mc@microsoft.com>I would prefer as an admin to make these services all come from my own domain and internal. It would be a lot easier to train staff on phishing attempts when I could state any valid Office 365 email notification will only come from our domain name.
-
Peter van de Bree
commented
a company like microsoft while security is more and more important you should expect to solve this in a proper and secure way.
-
Dennis Aanen
commented
You would expect a company like Microsoft, with all of its knowledge about mail and spam, to implement this properly from the beginning. Please fix this.
-
Paul Dupuis
commented
Agree.
-
Tony K.
commented
100% agree. We have the same concern/issue.
-
Joe Guidali
commented
This is really needed. Teams notifications from our own tenant should come from our own domain so that we can treat them as internal, assuming DNS security is configured appropriately. Same thing is needed with Yammer notifications.