Proofpoint Essentials Release notes 2023-2024

Created by Yves Lacombe, Modified on Mon, 9 Dec at 11:04 AM by Yves Lacombe

Release Notes

9 December 2024


Available to all customers by December 10th, 2024 No actions are required to receive this update.


New Email Encryption experience


We are excited to announce our new Email Encryption experience, designed to simplify and enhance secure communication. These updates offer increased flexibility, greater control, and an improved user experience. Please note that messages sent before the transition to the new experience will remain accessible through the old interface. External recipients will still be able to view and respond to encrypted messages sent prior to the change using their existing login credentials. These messages will be accessible until they expire after 14 days. 

To preview what’s coming , click here

 

Updates include:


Fresh Look and Feel - New styling updates ensure encryption aligns seamlessly with the Proofpoint Essentials user experience. The secure reader interface supports white-labeling and automatically inherits customer branding for a cohesive, customized look.


One-Time Encrypted Links - External recipients now have streamlined access to encrypted emails without needing to create an account or log in. This frictionless feature enhances the user experience, ensuring that secure communication remains as simple as possible.


Read Receipts - Stay informed with the new read receipts feature, providing senders with automatic notifications when their encrypted messages are opened.


Thread Expiry - Take greater control of encrypted conversations with the new thread expiry feature. This enhancement allows administrators and original thread owners to easily revoke access to entire encrypted email threads, ensuring tighter management of sensitive information.


Improved Message Threading  - Helps external users stay informed and engaged with enhanced message threading that preserves context and organization. This improvement makes conversations more intuitive, reducing confusion and enhancing the overall user experience.


Extended Access to Encrypted Messages - Encrypted messages can now be accessed for up to 30 days (previously 14 days), providing users with greater flexibility and convenience to manage and access communications at their own pace.

 

 Full article here



4 December 2024

Important Announcement: Microsoft Add-in Permissions Update in January 2025

Microsoft is updating its add-in permissions process in January 2025, requiring PhishAlarm and Email Encryption Add-in users to take specific actions to maintain uninterrupted functionality. This update transitions from legacy Exchange tokens to Nested App Authentication (NAA), enhancing authentication and identity protection for Office 365 users.

Affected Products:

  • PhishAlarm Add-in for Microsoft 365
  • Email Encryption Add-in for Microsoft 365
    (On-premise Exchange customers are unaffected.)

Required Actions for Admins:

For the PhishAlarm Add-in:

1. Log in to the Proofpoint Security Awareness (PESA) platform.

2. Navigate to: Security Awareness Platform > Alerting > Add-in Setup > Install.

3. Authenticate as a Global Administrator in Microsoft 365 and accept the necessary permissions.

For the Email Encryption Add-in:

1. Log in to your Microsoft 365 Admin Account.

2. Access the following URL: https://login.microsoftonline.com/organizations/adminconsent?client_id=215c2929-b469-432f-aa45-2e018f456e51

3. Grant permissions across your organization by following the instructions on the screen.

Additional Information:

For more details and a step-by-step guide, refer to the Nested App Authentication Update - Proofpoint Essentials Add-ins documentation  here

 


3 December 2024

Available to all customers by December 5th, 2024 No actions are required to receive this update.

Improvements

New Report Available - Inbound Email Protection Breakdown - All Customers (US Region)

The latest report Inbound Email Protection Breakdown - All Customers offers a thorough summary of the different mechanisms and strategies utilized to detect harmful inbound emails. This report serves as an essential resource in fortifying your customers email. It provides a consolidated overview of incoming messages, highlighting those that are either blocked or delivered across all your customers.

The report showcases the proactive measures taken to block or clean suspicious emails before they reach the inbox, ensuring enhanced security and peace of mind.

To view the Report - Threat Reporting > Reports > Inbound Email Protection Breakdown (All Customers)

clipboard_e2b4744f5abac895aaea2940cf7f356e9.png

 

- A new field, Last Successful Sync, has been added to the Azure API endpoint. This field returns the timestamp of the most recent successful Azure user synchronization for the customer.

- Timezone label added to API Documentation.
 

Bug Fixes

  • EasySpam Disclaimers are now correctly removed from outbound emails.
  • Resolves an issue where some entities in the EU stack experienced dashboard loading issues on the first attempt, and export functionality was non-operational.
  • Updates email logs to accurately display the admin who released the email, eliminating confusion caused by previously logging the user.
  • Functional accounts will no longer be synced to Security Awareness.
  • Fixes an issue where the "Download" button for quarantined emails in the User Logs was not functioning.


25 November 2024

Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.

Improvements:

Notification Customization

PhishAlarm prompts and end-user communications now offer a greater array of editing options. The new text editor tools to improve customization and branding. Includes the following:

  • Images Hyperlinks
  • Text editing

A new preview function now shows what users can expect to see when reporting an email before the changes are introduced to a wider audience.

clipboard_e8656c5deac5a38e602f82200661d2ac8.png

 


19 November 2024

Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.

Improvements:

New phishing campaign templates added to Security Awareness in October 2024.

clipboard_e51ccb6ebb4ca0839b1d10c8495959045.png


18 November 2024

Exciting Updates Coming To Email Encryption  

We are excited to announce our new Email Encryption experience, designed to simplify and enhance secure communication. These updates offer increased flexibility, greater control, and an improved user experience.

Please note that messages sent before the transition to the new experience will remain accessible through the old interface. External recipients will still be able to view and respond to encrypted messages sent prior to the change using their existing login credentials. These messages will be accessible until they expire after 14 days.

 

Updates include:

Fresh Look and Feel - New styling updates ensure encryption aligns seamlessly with the Proofpoint Essentials user experience. The secure reader interface supports white-labeling and automatically inherits customer branding for a cohesive, customized look.

One-Time Encrypted Links - External recipients now have streamlined access to encrypted emails without needing to create an account or log in. This frictionless feature enhances the user experience, ensuring that secure communication remains as simple as possible.

Read Receipts - Stay informed with the new read receipts feature, providing senders with automatic notifications when their encrypted messages are opened.

Thread Expiry - Take greater control of encrypted conversations with the new thread expiry feature. This enhancement allows administrators and original thread owners to easily revoke access to entire encrypted email threads, ensuring tighter management of sensitive information.

Improved Message Threading  - Helps external users stay informed and engaged with enhanced message threading that preserves context and organization. This improvement makes conversations more intuitive, reducing confusion and enhancing the overall user experience.

Extended Access to Encrypted Messages - Encrypted messages can now be accessed for up to 30 days (previously 14 days), providing users with greater flexibility and convenience to manage and access communications at their own pace.

To preview what’s coming, click here.

 

The rollout of our new Email Encryption experience will begin the week of Monday, December 9, 2024.


30 October 2024     

Upcoming Proofpoint Essentials Security Awareness Platform Maintenance - All Regions:

We have several security and infrastructure updates to the Security Education Platform to perform. There are no features being release during this outage, only required upgrades that are needed to ensure security and continued operation of he platform. During the maintenance period, you may see intermittent impact to the security awareness admin console and training modules.

EU & US Environments 

Saturday November, 9th from 10:00am UTC to 6:00pm UTC




28 October 2024

Available to all customers by October 31st, 2024 No actions are required to receive this update.

Improvements

New Feature: Domain Mail Relay Status

Easily check if a domain is set up and ready to receive emails! The Mail Relay Status shows when a domain is fully prepared for email relay, so you’ll know the exact moment it’s ready to start receiving messages. Also available via API.

Active - This relay domain is active and successfully processing emails. All emails routed through it are being relayed according to the configured settings.

Relay Activating - Activating a relay domain usually takes 30 minutes to an hour. During this period, the domain may not relay emails until the activation process is fully complete.

Relay Deactivating - Deactivating a relay domain typically takes 30 minutes to an hour to fully process. During this time, emails may continue to be relayed through the domain until deactivation is complete.

Relay Disabled - This relay domain is currently inactive, and emails routed through it are not being relayed.
 

Bug Fixes

- Fixes an issue where the API specification page did not display correctly due to a rendering error.



21 October 2024

Available to all customers by October 23rd, 2024 No actions are required to receive this update.

Improvements

- Updates the default package for customer creation to "Advanced+" (both API and UI).

- Enables the "Quarantine email suspected of being phish" spam setting for all customers and removes the ability to disable this spam setting feature.
 

Bug Fixes

- Fixes an issue where read-only admins would experience a blank email when using the preview email option. 

- Fixes an issue with filter where if the email was formatted a specific way, it would bypass the filter check that should have been triggered.

- Fixes an issue where a Beginner+ customer would lose their ability to change their package where their Beginner+ privilege was removed.

- Fixes an issue where subject tags (e.g. external) were not being applied on sandbox release.

- Fixes an issue with Easyspam disclaimer causing certain emails to receive a malformed disclaimer.

- Fixes an issue where admins were unable to update Attachment Defense Safe Sender List.

- Fixes an issue in the Azure Sync Report where group name was not displaying in the delete section.

- Fixes an issue where filtering by "In Attachment Defense Sandboxing" on logs page would display in all categories. 

18 October 2024    

Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.

Improvements:

Scheduled Notifications 
We’ve added a time and time zone selection to the Assignment Notification and Reminder Notification settings. This will provide admins with the ability to specify the time that notifications will be sent to their end-users within a given Training Assignment.

clipboard_ea52ae4c36342407c4e059724b0fc793e.png

 

44 New Training Modules 

We’re excited to announce the expansion of our training library modules. These new modules cover a wide range of security topics, offering users deeper insights into threats like phishing, social engineering, and ransomware. After completing this expanded training, users will have enhanced knowledge of emerging threats, better understand best security practices, and be more prepared to safeguard sensitive information.

clipboard_ef8f7e710f8616032656897d12fea5a5c.png

 

 

 

 

 

 

 

What's New:

New Training Modules: We’ve expanding the Proofpoint Essentials Security Awareness program adding 44 new training modules.

New Module Type – Multi-Path Adventure: These modules provide an interactive, scenario-based experience, where users make decisions in real-world security situations and see the outcomes of their choices

NameTypeRuntime
60 Seconds to Better Security: AI Chatbot ThreatsAnimated Video1 minute(s)
A Date to ForgetMulti-Path Adventure9 minute(s)
A Step Too FarMulti-Path Adventure12 minute(s)
Abstract DataMulti-Path Adventure9 minute(s)
An Education in ReportingMulti-Path Adventure9 minute(s)
An Unexpected CallMulti-Path Adventure12 minute(s)
An Urgent RequestMulti-Path Adventure9 minute(s)
Anti-Fraud and BriberyInteractive12 minute(s)
Anti-Money LaunderingInteractive12 minute(s)
Avoiding Dangerous AttachmentsInteractive8 minute(s)
Avoiding Dangerous LinksInteractive9 minute(s)
BEC ScamsInteractive12 minute(s)
Behind Closed DoorsMulti-Path Adventure12 minute(s)
Behind Your BackMulti-Path Adventure12 minute(s)
Being Smart With Social MediaAnimated Video2 minute(s)
Beyond PasswordsInteractive11 minute(s)
Data Entry PhishingInteractive8 minute(s)
Deadline DemandsMulti-Path Adventure12 minute(s)
Device DisasterMulti-Path Adventure9 minute(s)
Don't Bet On ItMulti-Path Adventure12 minute(s)
Double 'Oh... No'Multi-Path Adventure12 minute(s)
Email Attack Methods: Business Email CompromiseAnimated Video3 minute(s)
Email Attack Methods: Credential CompromiseAnimated Video2 minute(s)
Email Protection ToolsInteractive15 minute(s)
Email Protection ToolsInteractive6 minute(s)
Email SecurityTraining Game20 minute(s)
Email Security on Mobile DevicesInteractive10 minute(s)
Fake It 'Til You Make ItMulti-Path Adventure12 minute(s)
Freedom of InformationInteractive12 minute(s)
GDPR: In ActionInteractive6 minute(s)
General Data Protection Regulation (GDPR): OverviewInteractive8 minute(s)
Hazards of HackingInteractive12 minute(s)
HIPAA OverviewAnimated Video12 minute(s)
Holding Health to RansomMulti-Path Adventure10 minute(s)
Incident ReportingInteractive12 minute(s)
Insider Threat OverviewInteractive12 minute(s)
Insider ThreatsInteractive12 minute(s)
Internet Enabled NightmareMulti-Path Adventure12 minute(s)
Introduction to PhishingInteractive19 minute(s)
Introduction to Phishing Emails and WebsitesInteractive12 minute(s)
Malicious Insider ThreatInteractive9 minute(s)
Malware & RansomwareInteractive12 minute(s)
Malware AttacksInteractive10 minute(s)
Mobile Device DefenceInteractive12 minute(s)
Mobile Device SecurityLive Action Video11 minute(s)
Mobile Device SecurityInteractive22 minute(s)
Mobile Devices: Common Risks and ThreatsAnimated Video2 minute(s)
Mobile Devices: Physical Security FundamentalsAnimated Video2 minute(s)
Modern Slavery ActInteractive12 minute(s)
Multi-Factor AuthenticationInteractive6 minute(s)
Nerves of SteelMulti-Path Adventure12 minute(s)
Password ManagementInteractive13 minute(s)
Password PolicyInteractive7 minute(s)
PCI DisasterMulti-Path Adventure9 minute(s)
PCI DSSInteractive12 minute(s)
Perfect Your PasswordInteractive12 minute(s)
Perfecting PasswordsAnimated Video2 minute(s)
Personally Identifiable InformationInteractive12 minute(s)
Phish Finder: Spotting Warning Signs (Beginner)Animated Video2 minute(s)
Physical SecurityInteractive14 minute(s)
Physical SecurityInteractive12 minute(s)
Physical Security FundamentalsAnimated Video2 minute(s)
PII FundamentalsInteractive16 minute(s)
PII in ActionInteractive11 minute(s)
PII In ActionAnimated Video10 minute(s)
Precursor to PhishingInteractive5 minute(s)
Precursor to PhishingAnimated Video9 minute(s)
Privileged Access AwarenessInteractive12 minute(s)
Protecting DataInteractive12 minute(s)
Public Data vs. Non-Public DataAnimated Video2 minute(s)
Remote Working: Recognizing the RisksAnimated Video2 minute(s)
Remote Working: Reducing the RisksAnimated Video2 minute(s)
Safe Social NetworksInteractive16 minute(s)
Safer Web BrowsingInteractive23 minute(s)
Secure PrintingInteractive12 minute(s)
Securing Data: Know Your RoleAnimated Video2 minute(s)
Security Basics: Data Handling and SecurityAnimated Video2 minute(s)
Security Basics: Insider ThreatsAnimated Video2 minute(s)
Security Basics: Passwords and AuthenticationAnimated Video2 minute(s)
Security Basics: Physical Security and Remote WorkingAnimated Video2 minute(s)
Security Beyond the OfficeInteractive15 minute(s)
Security Beyond The OfficeInteractive12 minute(s)
Security EssentialsInteractive14 minute(s)
Security Essentials: Data ProtectionInteractive3 minute(s)
Security Essentials: IntroductionInteractive1 minute(s)
Security Essentials: Physical SecurityInteractive3 minute(s)
Security Essentials: Protecting Accounts, Devices, and SystemsInteractive4 minute(s)
Security Essentials: Secure Remote WorkingInteractive3 minute(s)
Shielding Against Spear PhishingInteractive12 minute(s)
Social EngineeringInteractive12 minute(s)
Social EngineeringInteractive19 minute(s)
Social Engineering: Many Methods, Many MotivesAnimated Video2 minute(s)
Social Media Roller CoasterMulti-Path Adventure12 minute(s)
Social Network NightmareMulti-Path Adventure9 minute(s)
Social NetworkingInteractive12 minute(s)
Spear Phishing ThreatsInteractive12 minute(s)
Spotting Invoice ScamsInteractive12 minute(s)
Surfing the World Wide WebInteractive12 minute(s)
Swiped Right Into TroubleMulti-Path Adventure12 minute(s)
TAKEOVER: BEC ScamsMulti-Path Adventure12 minute(s)
TAKEOVER: Digging For DataMulti-Path Adventure12 minute(s)
The Problem With Public Wi-FiAnimated Video2 minute(s)
Travel SecurityInteractive8 minute(s)
Under SurveillanceMulti-Path Adventure12 minute(s)
Unintentional Insider ThreatInteractive10 minute(s)
URL FundamentalsInteractive18 minute(s)
URL FundamentalsAnimated Video16 minute(s)
Web Browsing: Identifying Threats (Beginner)Animated Video2 minute(s)
When Emotions Run High: USB DrivesLive Action Video2 minute(s)
Working From HomeInteractive12 minute(s)
Working From Home (COVID-19)Interactive12 minute(s)
Workplace Security in ActionInteractive14 minute(s)



7 October 2024

Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.

Improvements:

New phishing campaign templates added to Security Awareness in July & August 2024.

clipboard_e66736ffddfa59f189e1b5687f661c0b5.pngclipboard_e5d81efefad726220ad1f35a06f5ba512.png




1 October 2024    

Available to all customers by October 4th, 2024 No actions are required to receive this update.

Improvements

- When a user attempts to perform a block action from a digest, the system will now use the "From" header address if no envelope sender exists.

- Email Warning Tag domain age threshold increased to 90 days (previous 30 days)

- API Terms added to API documentation.

The API has been expanded to accept multiple values in the 'stateprov' field.

Users can now input not only the standard two-letter state abbreviations (e.g., CA, TX, AZ) but also full state names (e.g., "California," "Texas," "Arizona").

Additionally, a combination of both formats is supported, using a hyphen (e.g., "CA - California").

 

Bug Fixes

- Fixes an issue where the Puerto Rico and St Thomas time zones had an incorrect definition.

- Resolves an issue with Email warning tags where paragraphs were being set to one line per paragraph in some instances.

- Corrects filter action behaviour. If an outbound filter generated a notification for a quarantined email, then the general alert would not be sent.




16 September 2024    

Available to all customers by September 19th, 2024 No actions are required to receive this update.

Bug Fixes

- Fixes an issue with Email Warning Tags that caused Block option to not be visible through learn more link for emails sent to an alias address.
- Fixed an issue with Email Warning Tags and One Click Removal settings not applying correctly from custom templates.




9 September 2024   

Available to all customers by September 12th, 2024 No actions are required to receive this update.

Bug Fixes

- Fixes an issue with mail previews that resulted in a blank page being displayed.
 




27 August 2024   

Available to all customers by September 4th, 2024 No actions are required to receive this update.

Improvements

- When a user attempts to perform a block action from a digest, the system will now use the "From" header address if no envelope sender exists.

Bug Fixes

- Fixes an issue where the send and delete functions would temporarily be unavailable in Emergency Inbox until the browser was refreshed.
- Fixes an issue that caused some Easy-Spam-Reporting Disclaimers to be malformed in plain text emails.




19 August 2024   

Available to all customers by August 21st, 2024 No actions are required to receive this update.

Improvements

- Digest: Emails classified as Impostor will no longer be listed in user digests. They will remain visible in Log Search.
- Log Preview Headers now show all available public headers in existing order (used to be alphabetical), including duplicates.
- Adds a new license package quick-view when creating a new customer via the UI.

Bug Fixes

- Fixes an issue where manual user syncs didn't trigger an error when tech contacts were set to be deleted from the action.




12 August 2024   

Available to all customers by August 15th, 2024 No actions are required to receive this update.

Bug Fixes

- Fixed an issue where the EWT feature continued to remain active for ineligible license packages after the trial period of a higher-tier package had ended.
- Removes checkbox next to objects that cannot be exempted from Azure Directory Sync.
- Fixes an issue where the Resend option could be used to release quarantined mail.
- Fixes the error code displayed when Org Admins attempts to modify a partner created Outbound-Allow Filter policy.




29 July 2024  

Available to all customers by July 31st, 2024 No actions are required to receive this update.

Improvements

- Connectwise Integration: Improved checks for active additions.
- Updated code around CSV Import to allow for import of phone numbers.

Bug Fixes

- Resolves an issue where sync exemptions would count alias addresses as primary addresses.
- Resolves a bug where Azure Directory Sync would continue to run despite being disabled.
- Removes a visual line in the breadcrumb border.
- Fixes an issue where users were unable to use the delete/hide option from their logs.




22 July 2024 

Available to all customers by July 26th, 2024 No actions are required to receive this update.

Improvements

- Azure secret expiry now fetched after each sync to display in customer table.

- Updates default package in customer creation (portal only, not API). New default is Advanced+.

- Exposes more data in the Message Details Logs, new fields:
> Current spam threshold (Shows the recipients current spam threshold settings).
> Current stamp&forward setting (Shows if the recipient has Spam, Stamp & Forward enabled).
> Encryption Recipient notified (Shows if the recipient has received encryption notifications).

> Warning Tags Applied (Shows which Warning Tag was applied to the message if the feature is enabled).


Example

 message_details July 22.png

Bug Fixes

- Resolves an issue where templates would override the Azure Version 2 enablement and revert to Azure Version 1.
- Resolves a bug in the billing API regarding Products and Bundles.
- Verbiage updated under Attachment Defense and URL Defense tabs. 




8 July 2024

Available to all customers by July 10th, 2024 No actions are required to receive this update.

Improvements

- Adds Azure information to the API endpoint GET v1 /Settings/Azure to help partners manage Azure Sync settings:

- Added "SecretExpiration" field for Azure Expiry Date ID

- Added "Azure Sync Version" field for Azure Version

- SMTP Auth - The password field now hides input text, and the generated password can be copied to the clipboard.

- Added a new log search icon to the customers table to make the action clearer.
clipboard_ed1f9aa4c935835222b677ed76bc215c1.png

- Minor UX improvements.

Bug Fixes

- Resolves an issue that was preventing the Azure sync report from displaying
- Resolves a bug that was causing the billing endpoint /orgs to not display trial data.


28 June 2024

Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.

Improvements:

New phishing campaign templates added to Security Awareness in May 2024.

clipboard_ece0a9925137acb140336ee708d27d04a.png




18 June 2024     

 Available to all customers by June 21st, 2024 No actions are required to receive this update.

Bug Fixes

- Fixes an issue that prevented some customers from viewing the body of an email in Archive.
- Fixes a bug where customers with exceptionally long Azure Secret Expiration dates were unable to sync.
- Fixes an issue where addresses not belonging to a user cannot be removed from the exemptions list.




17 June 2024    

Upcoming Proofpoint Essentials Security Awareness Platform Maintenance - EU Region:

We have several security and infrastructure updates to the Security Education Platform to perform. There are no features being release during this outage, only required upgrades that are needed to ensure security and continued operation of he platform. During the maintenance period, you may see intermittent impact to the security awareness admin console and training modules.

EMEA Environment (EU1 Customers):

Saturday June, 22nd from 11:00am UTC to 7:00pm UTC

No impact to US region customers.




10 June 2024    

Available to all customers by June 12th, 2024 No actions are required to receive this update.

Bug Fixes

- Fixes an issue where some customers were not seeing the correct Azure version in the ui, customer table or in exports.
- Fixes an issue that prevented Azure Directory Sync V1 from manually and automatically syncing for some customers.




5 June 2024

We are excited to announce the addition of 12 new Security Awareness training modules.

Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.

New Modules 

Module NameDescription
Email Protection ToolsThis training will introduce you to how email protection tools help keep you and your organization safe. 
Mobile Devices: Common Risks and ThreatsThere's no denying the convenience of mobile devices. They are a fixture in our work and personal lives. We take our smartphones, tablets, smart watches, and health trackers nearly everywhere we go. This portability increases the risk of devices being lost or stolen. But those aren't the only threats to your devices and the data they hold.
Mobile Devices: Physical Security FundamentalsMobile devices are valuable tools for both work and personal use. But the same features that make them so convenient, such as small size and easy mobility, are also security risks. And replacing these devices can be a big challenge, so that's why physical security measures are critical. Two simple practices mentioned in this module can help you keep track of your devices.
Email Attack Methods: Credential CompromiseCredential compromise is one of the most common types of email attack. This module will explain how credential compromise attacks work and what to do if you receive an email that asks for credentials.
Perfecting PasswordsKeeping track of passwords can be challenging. But that's nothing compared to having your accounts compromised and information stolen! One of the most common problems with passwords ‚ is that they're common. Another problem: The shorter a password is, the easier it is for attackers to guess. It's crucial you understand how to create strong and secure passwords.
Remote Working: Reducing the RisksRemote working has become increasingly common‚ and convenient. But no matter where you work, your organization's policies and procedures still apply. They help keep data, devices, and systems secure. This module will explain the protocols and ways to minimize risks, even if they take a bit of extra time when working remotely.
Public Data vs Non-Public DataSome types of information are more sensitive than others. Organizations use different labels for these data types. But at a basic level, organizational data can be classified in one of two ways: as public data or non-public data. It's crucial that you understand the differences between the two, and how to handle data.
Security Data: Know Your RoleEmployees interact with data in many different ways. And different organizations hold different types of data. Obviously, some information is more sensitive than others. Cybercriminals often target people based on their access to important data. It's crucial that you recognize how to keep data secure.
The Problem With Public Wi-FiThis video is part of our 60 Seconds to Better Security series, and will give a basic explanation of why using public Wi-Fi can be a problem.
Travel SecurityThis training will help you to recall security measures to take while traveling, including options for secure connectivity. 
When Emotions Run High: USB DrivesUSB drives, while incredibly convenient, pose significant security risks when not handled properly. In this episode, we learn how to take the drama out of finding a USB drive.
Security Basics: Passwords and AuthenticationThis Security Basics course provides foundational information on concepts related to password management.

Note - As part of this update, we will also be sunsetting some of our older modules on 14th June . Click here for more information.





3 June 2024    

Available to all customers by June 5th, 2024 No actions are required to receive this update.

Improvements:
- Improved User Sync: Azure User Sync v2 for New Customers

Overview

Azure User Sync v2 will be the default version applied for new customers. This enhancement streamlines user management, saving time for admins by improving user attribution when syncing from M365. It seamlessly updates user types, preserves attributes, and ensures uninterrupted mail flow for shared mailboxes and distribution lists. Note, this update won’t impact existing customers.

Enhanced User Creation
Azure Sync has been enhanced to exclusively include active, licensed M365 users when creating new active user accounts. Specifically, it will now include users with the account_enabled flag set to true and those holding an active exchange license. Previously, this process included only users with the account_enabled flag set to true, regardless of their licensing status.

User Account Type Updates 
When modifying a user's account type, there is no longer a requirement for the synchronization process to delete and recreate the account. Instead, user types will be updated seamlessly while preserving all existing user attributes, such as sender lists, log details, user filters, and more. Previously, user accounts would have been recreated during this process.

Functional Account Sync 
Users with account_enabled set to false will now be synchronized as functional accounts. Previously, these users were synchronized as disabled users, leading to mailflow interruptions. This enhancement ensures uninterrupted mail flow for shared mailboxes and distribution lists. Previously, these accounts would have been assigned as disabled users, resulting in halted mailflow.

- Three new fields added to the customer table - Azure App ID, Azure Sync Version and Azure Secret Expiry. Azure secret expiry will be set and updated upon saving azure user sync settings.





30 May 2024

Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.

Improvements:

New phishing campaign templates added to Security Awareness in April 2024.

clipboard_ec2f67bbcfccc96853fe8623387d231ab.png

  clipboard_e430734ba8cfa8a05476a97f7e00c2c9d.png       

  clipboard_ed944fa5cbad9d1f1e3dbd4df7d91fb4b.png




29 May 2024    

Upcoming Changes to Proofpoint Essentials - Security Awareness

On June 14, 2024, we are excited to announce the addition of new modules for all customers with a Proofpoint Essentials - Security Awareness subscription. As part of this update, we will also be sunsetting some of our older modules. Click here for more information.




28 May 2024    

Available to all customers by May 30th, 2024 No actions are required to receive this update.

Improvements:
- Updated verbiage for the Microsoft 365 Integration tile found under Integrations.
- UI warning banner when attempting to enable both Azure Directory Sync and LDAP.

Bug Fixes

- API: Multi-response API fixed for POST users.





20 May 2024     

Available to all customers by May 22nd, 2024 No actions are required to receive this update.

Improvements:
- Removes 'learn more' links on licensing and billing pages for Email Security.
- API: Billing API, customer "type" has been renamed to "customer_type" (matching v0)
- API: Billing API, spelling of "organisation" has been changed to "organization"
- DLP: Smart Identifiers are now alphabetized for ease of use.
- DLP: Introduces over 100 new Personal Information Smart Identifiers (See list below)

Argentina CBU number
Argentina DNI Number
Austria Passport Number
Belgium National Identification Card Number
Belgium Passport Number
Belgium National Identification Number
Bulgaria National Identification Number
Bulgaria Passport Number
Bahrain National Identification Number
Swiss AHV Number (New)
Swiss AHV Number (Old)
Switzerland Passport Number
Chile RUT Number
Denmark Passport Number
Cyprus Passport Number
Czech Republic National Identification Number
Czech Republic Passport Number
Spain Passport Number
Estonia Personal Identification Code
Estonia Passport Number
Finland Passport Number
Generic Drivers License
Machine Readable Passport
Mexico CURP Number
Malta National Identification Number
Malta Passport Number
Malaysia National Registration Identity Card Number
Netherlands National Identification Number
Citizen Service Number
Netherlands Old National Identification Number
Netherlands Passport Number
Norway Passport Number
New Zealand IRD Number
Poland Passport Number
Portugal Citizens Card Number
Portugal Passport Number
Qatar Identity Card Number
Romania National Identification Number
Romania Passport Number
Russia Taxpayer Identification Number
Slovakia National Identification Number
Slovakia Citizens Identification Card Number
Slovakia Passport Number
Slovenia National Identification Number
Slovenia Passport Number
Sweden Passport Number
Turkey Personal Identification Number
American Samoa ID
Guam ID
Northern Marina Island ID
Puerto Rico ID Card
US Virgin Islands ID Card
US Medicare Beneficiary ID
Passport (APEC application only)
US State ID
Driver License American Samoa
Driver License Guam
Driver License Northern Mariana Islands
Driver License Puerto Rico
Driver License US Virgin Islands
Alberta Drivers License
British Columbia Drivers License
Manitoba Drivers License
New Brunswick Drivers License
Newfoundland Drivers License
Nova Scotia Drivers License
Northwest Territories Drivers License
Nunavut Drivers License
Ontario Drivers License
Prince Edward Island Drivers License
Quebec Drivers License
Saskatchewan Drivers License
Yukon Drivers License
Canada Northwest Territories ID
Canada Nunavut ID
Canada Yukon ID
Greece Identification Card
Greece Identification Card (Old Format)
Greece Passport Number
Croatia Personal Identification Number
Croatia Passport Number
Hungary National Identification Number
Hungary Passport Number
Indonesia National Identification Number
Ireland New National Identification Number
Ireland National Identification Number
Ireland Passport Number
Iceland National Identification Number
Iceland Passport Number
Italy Passport Number
Japan MyNumber (individual)
Japan MyNumber (corporate)
Kuwait National Identification Number
Lebanon Identification Card Number
Liechtenstein National Identification Number
Liechtenstein Passport Number
Lithuania National Identification Number
Lithuania Passport Number
Luxembourg Passport Number
Latvia National Identification Number
Latvia Passport Number
Venezuela CDI Number

Bug Fixes
- Fixes an issue where administrators were unable to export customer lists via the UI.
- Resolves scenarios where bounced mail that had been resent didn't show correct released, released by and released date.
- Fixes a bug where administrators were unable to delegate permissions in Archive.





7 May 2024     

Available to all customers by May 9th, 2024 No actions are required to receive this update.

Improvements:
- New Sync Exemptions menu found under User Management > Import & Sync > Sync Exemptions.
This new menu allows administrators to view, search and delete Sync Exemptions directly from the page.

- Sync Exemption API documentation updated.

- Maximum message size threshold reduced to 256MB

sync_exemptions.png

Bug Fixes
- Fixes an issue where some unverified domains were inadvertently updated by Microsoft 365 Integration (causing the SMTP Destination to be overwritten).




29 April 2024     

Available to all customers by May 1st, 2024 No actions are required to receive this update.

Improvements:

- Deprecates customer renewal confirmation notification emails.
- Azure Directory Sync will now display which Azure Sync version within the UI.

azure_sync_versioning.png       

Bug Fixes

Fixes an issue where some customers with mismatched uppercase/lowercase email addresses were unable to access Emergency Inbox.
- Fixes an issue where the Connectwise mapping views became unresponsive.





25 April 2024    

Available to all EU Partners now. No actions are required to receive this update.

Improvements: 

New Report Available - Inbound Email Protection Breakdown - All Customers

The latest report Inbound Email Protection Breakdown - All Customers offers a thorough summary of the different mechanisms and strategies utilized to detect harmful inbound emails. This report serves as an essential resource in fortifying your customers email. It provides a consolidated overview of incoming messages, highlighting those that are either blocked or delivered across all your customers.

The report showcases the proactive measures taken to block or clean suspicious emails before they reach the inbox, ensuring enhanced security and peace of mind.

To view the Report - Threat Reporting > Reports > Inbound Email Protection Breakdown (All Customers)

clipboard_e2b4744f5abac895aaea2940cf7f356e9.png

 




22 April 2024    

Available to all customers by April 22nd, 2024 No actions are required to receive this update.

Improvements:

New QR Code Phish Simulations 

We're excited to introduce a new update to our simulated phishing feature for all Security Awareness customers. This release focuses on enhancing the simulation of digital QR-based threat vectors.

QR Code Simulation: We now offer the effective simulation of digital QR-based threat vectors through dynamically generated QR Codes in simulated phishing emails.

New QR Code Lure Templates: Enjoy a set of new QR code lure templates accompanied by teachable moment content to support this new simulation option.

Integration with Existing Campaigns: These features seamlessly work within the context of existing simulated phishing drive-by campaigns.

clipboard_eed1eec8e1c52b1289b6cacbc922b5792.png

 

clipboard_e3a5b5e237f88e254a18ddaa83e200607.png




16 April 2024    

Available to all customers by April 17th, 2024 No actions are required to receive this update.

Improvements:

New Emergency Inbox
- Introducing our new revamped Emergency Inbox feature, when using Emergency Inbox you will encounter the following changes:
- Emergency Inbox no longer launches a new tab
- Emergency Inbox Icon now provides a status text and visual indicator
- Emergency Inbox Icon is now clickable and takes you to Emergency Inbox
- New Interactive Emergency Inbox Icon in Log Search for emails with a 'Deferred' status

Example of Emergency Inbox Icon in Log Search
Deferred icon log search - arrow.png


Example of an account that is actively spooling and is utilizing Emergency Inbox
Emergency inbox spooling.png

 

Bug Fixes

Corrects partner stats response schema when utilizing: api/v1/stats/{domain}/partner/orgs?page_size 




10 April 2024   

Available to all customers by April 12th, 2024 No actions are required to receive this update.

Improvements:

New Australian-Specific Smart ID Filters:
- Introducing new smart ID filters tailored for Australian users. These include:
- Australia Driver License
- Australia Medical Account Number (MAN)
- Australia Centrelink Customer Reference Number (CRN)
          - Australia Passport

Notifications Added to Management Accounts:
    - The Notifications page is now accessible for Management accounts. Users with these account types can now conveniently manage their notifications from within the platform.

ConnectWise Integration Improvements:
    - Product and customer dropdown menus have undergone performance enhancements, particularly noticeable with large datasets. Users will experience smoother navigation and faster     loading times.

Default Account Type Set to Organization on Customer Creation:

    - Upon creating a new customer, the default account type will now be set to "organization".

Bug Fixes

Resolves an issue that prevented users from scheduling reports directly from the new beta Reports page.

- Removes Google Icon from SSO providers.

 


25 March 2024

Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.

Improvements:

New phishing campaign templates added to Security Awareness in February 2024.

clipboard_eab6e83edb76f3b4880bc0b01741b2101.pngclipboard_ec0013f2e8ca0c0dbacef5f8cc402fe3b.png



5 March 2024   

Available to all customers by March 6th, 2024 No actions are required to receive this update.
 

Improvements:

- Azure Directory and Active Directory Sync now set the user role to "silent user" by default.

 

Assignment States

We have changed the completion status in Training to a date-based completion model. Here’s what to expect from this update:

- Assignment statuses will now be based on the end date and grace period.

- Admins will have the ability to manually complete or reopen assignments.

- The status of an assignment for users who have not completed an assignment by the end date will reflect level of completion.

- Provides a more intuitive expectation of training access.

- Admins will have better control of end user access to training with manual controls over their statuses.

clipboard_ea4e7cd893386f453f2b099d5b3a0b6a0.png



clipboard_e826673d5bac5dd22d766c4d7306d84b2.png





Proofpoint Essentials Release Notes Feb 19th 2024


Improvements:

- Introduces a new SPF Hard Fail/Soft Fail control within Anti-Spoofing Policy.
Customers currently using Anti-Spoofing Policy will see their new "Soft Failure" default to Take no action

asp_spf_failure_options.png


 

Bug Fixes:

- Fixes an issue where some Outbound messages that were released from Quarantine didn’t update log status correctly.

- Fixes an issue where email preview displayed base64 encoding when initiated.

- Fixes an issue where SPF failures were being displayed incorrectly in email log preview and email permalink preview.





Proofpoint Essentials Release Notes Feb 15th 2024


Improvements:

 

New phishing campaign templates added to Security Awareness in January 2024.

 

clipboard_eff2e0cf34759a4b507d107dcb31f156c.png





Proofpoint Essentials Release Notes Feb 10th 2024

Improvements:

 

- New Emergency Inbox Status indicator in the top right corner of the UI.

emergency_inbox_indicator.png

 

 

- Updated SPF recommendation for new customers within the Connection Details documentation.
Existing customers do not need to make any changes to their SPF records.



Proofpoint Essentials Release Notes Jan 30 2024


Improvements:

 

- New Connector added to Microsoft 365 Integration.

 

Our Microsoft 365 Integration now includes a new “locked down” connector which will be disabled by default and will provide a locked down version of the standard connector. This locked down version of the connectors will allow customers to be more selective about which IP addresses to trust for mail flow, facilitating an enhanced security posture (if desired).

The “locked down” connector should only be used after the customer has updated their MX records.

 

- Added a new Access Control for the Integrations page




Proofpoint Essentials Release Notes Jan 15 2024


Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.

Improvements:

New phishing campaign templates added to Security Awareness in January 2024.

pesa_template_update_Jan_2024.png

New Training Modules added to Security Awareness in January 2024

pesa_training_module_update_jan_2024.png





Proofpoint Essentials Release Notes Jan 3 2024


Improvements:

 

Introducing Microsoft 365 Integration.

 

Our Microsoft 365 Integration significantly reduces manual effort when configuring a customer's Microsoft 365 tenant to collaborate with Proofpoint Essentials Email Security. This process includes setting up all necessary prerequisites to facilitate a standard MX deployment, including:

- Setting up mail flow rules.

- Creating inbound and outbound connectors.

- Automatically importing and verifying domains.

- Automatically setting up Azure Sync Users via Microsoft Entra.

The Microsoft 365 Integration feature can be found under Administration > Account Management > Integrations

Learn more about the new Microsoft 365 Integration here

 

clipboard_ec2521feb2974b7bbf84bb382812e4c51.png


 Bug Fixes:

 

- Resolves an issue that prevented customers from viewing images via log preview. 

- Fixed an issue where feedback confirmation dialogs where not mobile friendly in portrait.



Proofpoint Essentials Security Awareness Release Notes  Dec 18 2023

Improvements:

 

New phishing campaign templates added to Security Awareness in November 2023.

 

image

 

 



4 December 2023


New Feature Announcement:


Introducing PhishAlarm for Security Awareness. 



PhishAlarm is an Add-in for Microsoft Exchange that allows users to easily report suspicious email without being encumbered to remember an ever-changing abuse box address or the correct format (headers and email bodies) to forward suspicious emails. PhishAlarm displays a button in the supported email client which, when clicked, will forward the email to defined email addresses. Typically, these email addresses are either an abuse box or members of your organization’s incident response and security team. 


Access Now


Click on Security Awareness > Launch Platform

Click PhishAlarm > Add-in Setup

Click the Setup tab.





3 December 2023

Bug Fixes:

- Resolves an issue that prevented read-only users from accessing email security package details on the licensing page.


- Resolves an issue where users logging into their Email Archive now correctly land on the Email Archive page instead of their home page. (Live from 5th December)


- Removes the option to 'Report a False Negative' for messages in the Attachment Defense queue to enhance user feedback.




27 November 2023

Improvements:


Introduces PhishAlarm for Security Awareness. 

PhishAlarm is an Add-in for Microsoft Exchange that allows users to  easily report suspicious email without being encumbered to remember an ever-changing abuse box address or the  correct format (headers and email bodies) to forward suspicious emails. PhishAlarm displays a button in the supported email client which, when clicked, will forward  the email to defined email addresses. Typically, these  email addresses are either an abuse box or members of your organization’s incident response and security team.


Now displays the organizations timezone in log search results via tooltip.


Bug Fixes:

- Fixes an issue where URL's were being rewritten incorrectly by URL Defense.

- Fixes an issue where both HTML and plaintext content were being shown for multipart/alternative messages in Quarantine preview.



20 November 2023


Improvements:

 

New phishing campaigns templates and teachable moments added to Security Awareness in October 2023.

 





6 November 2023  

Improvements:

- Adds a new confirmation prompt when reporting a message as spam.

- Adds a new confirmation prompt to "release", "release & approve" and "block" digest actions.



30 October 2023  

Improvements:

- Administrators now have access to view Sender Policy Results within message details.

- Improves scanning for calendar messages.


Bug Fixes:

- Bounced and out-of-office messages will now be correctly attributed to a user.

- Fixes an issue where administrators were unable to release items from quarantine on the user log search page.

- Resolves a bug that caused delays when adding a new domain.

- Fixes a bug where the "Hide email from log" action failed to display a success banner.

- Updates end user Senderlist description to align with the actual behavior.



23 October 2023  

Improvements:

New phishing campaign templates and teachable moments added to security awarness in September 2023.


9 October 2023  

Available to all customers by October 11th, 2023. No actions are required to receive this update.

Version 5.20231005
 

Bug Fixes:

- Fixes a bug where shared mailboxes were incorrectly receiving email letters when synced through New Azure User Sync. 


3 October 2023 

Available to all customers by October 5th, 2023. No actions are required to receive this update.

Version 5.20230929
 

Improvements:

- When creating a new customer in the UI, the license package will now default to Advanced+.
- Improves the accuracy of Dashboard: Threats by Domain (Spam count).
- Introduces a new error message in Archive when invalid IMAP server connection details are entered.

Bug Fixes:

- Fixes a bug where outbound bounce emails were triggering encryption filters.
- Fixes a bug where certain end users were unable to update their own profile settings.
- Fixes an issue where quarantine preview would cause an error.
- Fixes a bug in specific user logs when searching for domains.
- Fixes an issue where silent users were prompted to log in to Essentials after releasing from digest.
- Fixes an issue where One-Click Message Pull would fail to action multi-selection tasks.


18 September 2023

Available to all customers by. No actions are required to receive this update.

Improvements:

Proofpoint Essentials Security Awareness - DMARC Reject Policy

We have updated the DMARC policy to “reject” for our securityeducation.com domain to secure its email stream. This brings the domain’s email authentication posture in line with Proofpoint’s best practices, and what we advocate for as an email security provider. DMARC is intended to reduce email-based fraud and improve the reliability of email delivery. For this reason, it’s important as a DMARC vendor to protect our own domains from abuse but also to set an example for our customers of what DMARC-protected domains look like. Given the nature of securityeducation.com from both a customer perspective and the potential for abuse, it is exceptionally important we move to a reject policy in a safe manner. This change will have no impact on the delivery of emails from the securityeducation.com domain.

13 September 2023

Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.

Improvements:

New phishing campaigns templates and teachable moments added to Security Awareness in August 2023.

List of Security Awareness content related updates

11 September 2023

Available to all customers by September 13th, 2023. No actions are required to receive this update.

Version 5.20230908
 

Improvements:

- Removes Plain Text LDAP option from Active Directory settings.

Bug Fixes:

- Fixes an issue where emails would say blocked during the attachment sandboxing phase.
- Fixes a bug where Threat Reporting - Scheduled List would cause an error when editing or deleting a favourited scheduled report.
- Fixes an issue where a white-labeled customer wasn't having their phone number or website added to welcome emails.
- Fixes an issue that resulted in scheduled reports not being sent.
- Removes blank graphs from reports.

5 September 2023

Available to all customers by September 7th, 2023. No actions are required to receive this update.

Version 5.20230825
 

Improvements:

- Increases the digest action rate limit from 50 (up from 12).
 

Bug Fixes:

- Fixes a bug that intermittently caused duplicates in SMTP Discovery List.
- Fixes an issue where country code under User page default to blank after Azure sync updates.

21 August 2023

Available to all customers by August 23rd, 2023. No actions are required to receive this update.

Version 5.20230816


Improvements:

-  Drop downs in Manage Profile for Admin, Billing and Tech contacts are sorted according to admin level and alphabetical.
 

Bug Fixes:

-  Fixes an issue where Threat Reports > Monthly Reports was not displaying stats for 30 days.

-  Fixes a problem that was prevented EWT and Disclaimers to be added to the same message.

-  Corrects an issue that resulted in Scheduled Reports not being sent.

-  Resolves an issue where Welcome Emails were displaying #name# instead of actual company name in both preview and test email.

-  Fixes an issue that prevented customers from performing actions on Learn More in EWT.

-  Fixes a bug that prevented One-Click Message Pull to retract message on specific user logs.

-  Fixes an issue that intermittently caused OAuth to be disabled when the Azure Directory Sync page was saved or manually ran.

16 August 2023

Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.

Improvements:

New phishing campaigns templates and teachable moments added to Security Awareness in July 2023.

List of security awareness content changes.

 

14 August 2023

Available to all customers by August 16th, 2023. No actions are required to receive this update.

Version 5.20230811


Improvements:

-  Enhances the performance of domain lookups, resulting in much faster processes for customer creation, domain creation, and API endpoint requests.

-  ConnectWise agreements are now filtered by company.

-  Links in the following components are now encrypted: Easy Spam Disclaimer, Email Digests, Suspend Delivery Alerts, Message Details & Filter Alert.
 

Bug Fixes:

-  Resolves an issue where ConnectWise details saved by specific customers were not being displayed.

-  Fixes a problem that was preventing certain products and companies from appearing when being mapped to ConnectWise.

-  Addresses an issue that caused user rate limits to be incorrectly calculated.
 

31 July 2023

To improve the accessibility of product updates, all new product release notes will be centralized in one convenient location: here 

Available to all customers by August 2nd, 2023. No actions are required to receive this update.

Version 5.20230727 

 

Improvements 

-  Adds radio button to toggle between include and exclude parameters on Traffic by Address report.

-  Adds Attachment Defense threats to Daily and Monthly Threat Reports under Virus category.

-  Adds total to the Active Mailbox report stats table & export.

-  Removes "Stop Receiving These Reports" from Scheduled Reports email.  

-  Improvements to digest delivery timing.

 

Bug Fixes

-  Corrects an issue that caused some character sets to not display correctly in Email Logs, Message Details, Easy Spam Disclaimer & Email Digests.

-  Addresses a problem that prevented the delivery of SMS spooling alerts to certain users.

-  Fixes an issue which caused different time periods to be applied when viewing reports.

-  Corrects a display issue related to Dashboard exports, ensuring that the exported version now adopts a landscape orientation.

-  Addresses a minor display issue on the Monthly Traffic report graph.