Protect yourself again phishing attacks in Office 365 by using Company Branding

A quick tip

If you want to avoid being the victim of phishing this will help. Phishing attacks will lead you to a fake login page where they will ask for a username and password, hoping that the end-user will not see the difference between the real login page and the fake page. With Azure Active Directory you can change the login page for Office 365 so it contains your logo, a tagline, and some basic company information. Phishing attackers in most cases won’t go through the trouble to build a custom login page. If you end-user see that the login page is not your custom designed login page, they will know it a fake one. Since AAD Company branding is a part of the Office 365 license, this is available to you for free.

Company branding happens in the Azure portal. So we need to authenticate with our Office 365 credentials at https://portal.azure.com. Proceed to Azure Active Directory and you should see your Office 365 Directory and the following option Company branding.

CompanyBranding.png

 

Change your company branding to your own design. In my case, I changed the Californian Highway with my own preferred image, added a logo and change the sign in text.

config.png

When the configuration is changed when you fill in a username of your Office 365, the design will change from the default Office 365 login experience to your customized one. This will be the case for each application that uses your Azure Active Directory login page. So if you end-user are the subject of a phishing attack they should see that the login experience doesn’t change based on their username and that should help them identify that something is wrong with the page.

Advertisements