Microsoft has rolled out 'Enhanced Phishing Protection' in Windows 11, version 22H2, which automatically detects when you type a password into an unsafe app or site and then reports it to admins via Microsoft Defender for Endpoint.
The feature is based on Microsoft's SmartScreen technology and caters to both consumers and enterprise users on the new Windows 11 2022 Update.
"When Windows 11 protects against one phishing attack, that threat intelligence cascades to protect other Windows users interacting with other apps and sites that are experiencing the same attack as well," explains Microsoft's Sinclaire Hamilton.
The SmartScreen feature works for consumer Microsoft Accounts, for accounts managed through Active Directory or Azure Active Directory, and for local Windows passwords.
When it triggers, it immediately prompts users to change their password and reports the unsafe password usage to IT through the Microsoft Defender for Endpoint portal.
The phishing problem will persist as long as passwords are used to log in to apps, sites and domains. As Hamilton notes: "Attackers don't break in, they log in."
"SmartScreen identifies and protects against corporate password entry on reported phishing sites or apps connecting to phishing sites, password reuse on any app or site, and passwords typed into Notepad, Wordpad, or Microsoft 365 apps," notes Hamilton.
IT admins can use Group Policy or an MDM solution to configure the scenarios where users would see warnings. If admins are using MDM, the feature is by default in audit mode, which lets admins see unsafe password usage in their environment in the Defender for Endpoint portal without warning users.
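As an added example (not code from the article or from Microsoft), the PowerShell below reads and sets the Enhanced Phishing Protection policy on a single Windows 11 22H2 device, so an admin can roll it out in audit mode first and switch on the user-facing dialogs once the Defender for Endpoint events look sane. It assumes the registry location and DWORD value names that the WebThreatDefense policy template writes (`HKLM\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components` with `ServiceEnabled`, `NotifyMalicious`, `NotifyPasswordReuse`, `NotifyUnsafeApp`); verify those against the `WebThreatDefense.admx` in your environment before relying on them.

```powershell
# Added example, not Microsoft's or the article's code. Run elevated on Windows 11 22H2.
# Assumption: the Enhanced Phishing Protection policy values live under this key with
# these names (as written by the WebThreatDefense ADMX / Intune CSP); confirm locally.
# Writing HKLM\...\Policies directly behaves like a local GPO and is fine for testing;
# in a domain or Intune-managed fleet set the same values via GPO/CSP so they persist.

$EppPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WTDS\Components'
$EppValues    = 'ServiceEnabled', 'NotifyMalicious', 'NotifyPasswordReuse', 'NotifyUnsafeApp'

function Get-EppPolicy {
    # Returns Enabled / Disabled / NotConfigured for each policy value.
    $result = [ordered]@{}
    foreach ($name in $EppValues) {
        $item = Get-ItemProperty -Path $EppPolicyKey -Name $name -ErrorAction SilentlyContinue
        $result[$name] = if ($null -eq $item)      { 'NotConfigured' }
                         elseif ($item.$name -eq 1) { 'Enabled' }
                         else                       { 'Disabled' }
    }
    [pscustomobject]$result
}

function Set-EppPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Audit', 'Warn', 'Off')]
        [string]$Mode
    )
    # Audit: detection and reporting on, no dialogs shown to the user.
    # Warn : detection and reporting on, all three dialogs shown.
    # Off  : service disabled, so nothing is detected or reported.
    $settings = switch ($Mode) {
        'Audit' { @{ ServiceEnabled = 1; NotifyMalicious = 0; NotifyPasswordReuse = 0; NotifyUnsafeApp = 0 } }
        'Warn'  { @{ ServiceEnabled = 1; NotifyMalicious = 1; NotifyPasswordReuse = 1; NotifyUnsafeApp = 1 } }
        'Off'   { @{ ServiceEnabled = 0; NotifyMalicious = 0; NotifyPasswordReuse = 0; NotifyUnsafeApp = 0 } }
    }
    if (-not (Test-Path $EppPolicyKey)) {
        New-Item -Path $EppPolicyKey -Force | Out-Null
    }
    foreach ($name in $EppValues) {
        if ($PSCmdlet.ShouldProcess("$EppPolicyKey\$name", "Set to $($settings[$name])")) {
            Set-ItemProperty -Path $EppPolicyKey -Name $name -Value $settings[$name] -Type DWord
        }
    }
    Get-EppPolicy
}

# Usage (elevated):
#   Get-EppPolicy                       # show the current configuration
#   Set-EppPolicy -Mode Audit -WhatIf   # dry run
#   Set-EppPolicy -Mode Audit           # silent rollout; review events in the Defender portal
#   Set-EppPolicy -Mode Warn            # then turn on the end-user dialogs
```

The staged order matters: audit mode surfaces how much password reuse and plain-text storage already exists in the fleet, which tells you how noisy the "Warn" dialogs will be and which apps to whitelist or retrain users on before the prompts go live.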
End users will now see a pop-up warning after typing a password into an unsafe place that says: "This app made an unsafe connection that was reported to Microsoft for stealing passwords."
The pop-up includes an option to "change my password", which opens the Windows Settings app to the section where users can change their device password.
Windows also warns users who reuse their Microsoft account, Azure AD, Active Directory, or local Windows password on another site or app, and prompts them to use a strong, unique password instead. When reuse is detected, the dialog prompts users to change their corporate password so it is no longer shared with a non-corporate site.
If users type their password into a local file or document, such as Notepad, WordPad, or a Microsoft 365 app, Windows 11 warns them that storing it there is unsafe and encourages them to delete it from the file.
Hamilton notes that Enhanced Phishing Protection is available to all consumers and enterprises using Windows 11 22H2 regardless of license tier.
But to see Enhanced Phishing Protection alerts in the Microsoft 365 Defender security portal, commercial customers must have a license that provides access to that portal, such as Microsoft 365 E5.