Skip to main content
Submitted by Dynamics Insights on 18 January 2021

Protect Your Most Visible and Vulnerable Users with Priority Accounts in Microsoft (Office) 365

In many industries, companies consider some internal users—like executives and management—as priority accounts. To accommodate this need, Microsoft introduced functionality into Microsoft 365 (formerly Office 365) that helps to ensure high quality service and protection for these individuals. With this functionality, an admin can tag specific users as priority accounts, which gives them access to two capabilities: priority account protection and premium mail flow monitoring.

Priority Account Protection

Users who are considered priority accounts are more likely to be targeted by phishing campaigns and other cyber-attacks because they have access to sensitive or confidential information and critical tools, but they are also more visible and researchable. This functionality enables priority accounts to be used as system tag, which can then be used in filters in alerts, reports, and investigations. You can configure priority account protection using the Security & Compliance Center.

Premium Mail Flow Monitoring

The ability for mail to flow efficiently is critical for any organization; delivery delays or failures can have serious repercussions. With Premium Mail Flow Monitoring, you can monitor mail flow for your priority accounts, including setting a threshold for failed or delayed emails, receiving alerts when a threshold is exceeded, and view a report of email issues for priority accounts. You can configure it using the modern Exchange admin center.
Here are some app-specific features for priority accounts:

Priority Account Protection

As threats become more sophisticated, organizations must have differentiated protection for those who are most visible and vulnerable. These people’s accounts need more protection and attention around security in the form of prevention and monitoring to catch threats before they do damage. With the public preview of priority account protection, security teams can provide that extra protection for these accounts. You can read more from Microsoft at User Tags in Microsoft Defender for Office 365.

Figure 1 - Priority accounts are treated as tags in Defender for Office 365, which can be used in filters in alerts, reports, and investigations

In the near future, this functionality will be expanded and integrated with the quarantine experience; email targeted at a priority account will be tagged. It will be easier to filter views to see only malicious emails targeted at priority accounts, and priority accounts will be integrated with Submission explorer, which will allow submissions from any priority account to be tagged and filterable, so security teams can focus first on these submissions over others.

Premium Mail Flow Monitoring

Exchange Online also provides premium mail flow monitoring for priority accounts. Admins can use the Microsoft 365 admin center or the modern Exchange admin center to tag a user as a priority account.

Figure 2 – Premium mail flow monitoring for priority accounts in M365; using the Microsoft 365 admin center to tag a user as a priority account

After adding users to the priority accounts list, use the Exchange Admin Center to monitor mail flow, choosing a threshold for failed or delayed emails, receiving alerts when that threshold is exceeded, and viewing a report of email issues for priority accounts. This report allows admins to view failed events from the last 15 minutes and delayed email messages from last 6 hours.
If you have any questions about using Priority Accounts in Microsoft 365, contact ArcherPoint.

Blog tags