Release Notes
9 December 2024
Available to all customers by December 10th, 2024 No actions are required to receive this update.
New Email Encryption experience
We are excited to announce our new Email Encryption experience, designed to simplify and enhance secure communication. These updates offer increased flexibility, greater control, and an improved user experience. Please note that messages sent before the transition to the new experience will remain accessible through the old interface. External recipients will still be able to view and respond to encrypted messages sent prior to the change using their existing login credentials. These messages will be accessible until they expire after 14 days.
To preview what’s coming , click here
Updates include:
Fresh Look and Feel - New styling updates ensure encryption aligns seamlessly with the Proofpoint Essentials user experience. The secure reader interface supports white-labeling and automatically inherits customer branding for a cohesive, customized look.
One-Time Encrypted Links - External recipients now have streamlined access to encrypted emails without needing to create an account or log in. This frictionless feature enhances the user experience, ensuring that secure communication remains as simple as possible.
Read Receipts - Stay informed with the new read receipts feature, providing senders with automatic notifications when their encrypted messages are opened.
Thread Expiry - Take greater control of encrypted conversations with the new thread expiry feature. This enhancement allows administrators and original thread owners to easily revoke access to entire encrypted email threads, ensuring tighter management of sensitive information.
Improved Message Threading - Helps external users stay informed and engaged with enhanced message threading that preserves context and organization. This improvement makes conversations more intuitive, reducing confusion and enhancing the overall user experience.
Extended Access to Encrypted Messages - Encrypted messages can now be accessed for up to 30 days (previously 14 days), providing users with greater flexibility and convenience to manage and access communications at their own pace.
4 December 2024
Important Announcement: Microsoft Add-in Permissions Update in January 2025
Microsoft is updating its add-in permissions process in January 2025, requiring PhishAlarm and Email Encryption Add-in users to take specific actions to maintain uninterrupted functionality. This update transitions from legacy Exchange tokens to Nested App Authentication (NAA), enhancing authentication and identity protection for Office 365 users.
Affected Products:
- PhishAlarm Add-in for Microsoft 365
- Email Encryption Add-in for Microsoft 365
(On-premise Exchange customers are unaffected.)
Required Actions for Admins:
For the PhishAlarm Add-in:
1. Log in to the Proofpoint Security Awareness (PESA) platform.
2. Navigate to: Security Awareness Platform > Alerting > Add-in Setup > Install.
3. Authenticate as a Global Administrator in Microsoft 365 and accept the necessary permissions.
For the Email Encryption Add-in:
1. Log in to your Microsoft 365 Admin Account.
2. Access the following URL: https://login.microsoftonline.com/organizations/adminconsent?client_id=215c2929-b469-432f-aa45-2e018f456e51
3. Grant permissions across your organization by following the instructions on the screen.
Additional Information:
For more details and a step-by-step guide, refer to the Nested App Authentication Update - Proofpoint Essentials Add-ins documentation here
3 December 2024
Available to all customers by December 5th, 2024 No actions are required to receive this update.
Improvements
New Report Available - Inbound Email Protection Breakdown - All Customers (US Region)
The latest report Inbound Email Protection Breakdown - All Customers offers a thorough summary of the different mechanisms and strategies utilized to detect harmful inbound emails. This report serves as an essential resource in fortifying your customers email. It provides a consolidated overview of incoming messages, highlighting those that are either blocked or delivered across all your customers.
The report showcases the proactive measures taken to block or clean suspicious emails before they reach the inbox, ensuring enhanced security and peace of mind.
To view the Report - Threat Reporting > Reports > Inbound Email Protection Breakdown (All Customers)
- A new field, Last Successful Sync, has been added to the Azure API endpoint. This field returns the timestamp of the most recent successful Azure user synchronization for the customer.
- Timezone label added to API Documentation.
Bug Fixes
- EasySpam Disclaimers are now correctly removed from outbound emails.
- Resolves an issue where some entities in the EU stack experienced dashboard loading issues on the first attempt, and export functionality was non-operational.
- Updates email logs to accurately display the admin who released the email, eliminating confusion caused by previously logging the user.
- Functional accounts will no longer be synced to Security Awareness.
- Fixes an issue where the "Download" button for quarantined emails in the User Logs was not functioning.
25 November 2024
Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.
Improvements:
Notification Customization
PhishAlarm prompts and end-user communications now offer a greater array of editing options. The new text editor tools to improve customization and branding. Includes the following:
- Images Hyperlinks
- Text editing
A new preview function now shows what users can expect to see when reporting an email before the changes are introduced to a wider audience.
19 November 2024
Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.
Improvements:
New phishing campaign templates added to Security Awareness in October 2024.
18 November 2024
Exciting Updates Coming To Email Encryption
We are excited to announce our new Email Encryption experience, designed to simplify and enhance secure communication. These updates offer increased flexibility, greater control, and an improved user experience.
Please note that messages sent before the transition to the new experience will remain accessible through the old interface. External recipients will still be able to view and respond to encrypted messages sent prior to the change using their existing login credentials. These messages will be accessible until they expire after 14 days.
Updates include:
Fresh Look and Feel - New styling updates ensure encryption aligns seamlessly with the Proofpoint Essentials user experience. The secure reader interface supports white-labeling and automatically inherits customer branding for a cohesive, customized look.
One-Time Encrypted Links - External recipients now have streamlined access to encrypted emails without needing to create an account or log in. This frictionless feature enhances the user experience, ensuring that secure communication remains as simple as possible.
Read Receipts - Stay informed with the new read receipts feature, providing senders with automatic notifications when their encrypted messages are opened.
Thread Expiry - Take greater control of encrypted conversations with the new thread expiry feature. This enhancement allows administrators and original thread owners to easily revoke access to entire encrypted email threads, ensuring tighter management of sensitive information.
Improved Message Threading - Helps external users stay informed and engaged with enhanced message threading that preserves context and organization. This improvement makes conversations more intuitive, reducing confusion and enhancing the overall user experience.
Extended Access to Encrypted Messages - Encrypted messages can now be accessed for up to 30 days (previously 14 days), providing users with greater flexibility and convenience to manage and access communications at their own pace.
To preview what’s coming, click here.
The rollout of our new Email Encryption experience will begin the week of Monday, December 9, 2024.
30 October 2024
Upcoming Proofpoint Essentials Security Awareness Platform Maintenance - All Regions:
We have several security and infrastructure updates to the Security Education Platform to perform. There are no features being release during this outage, only required upgrades that are needed to ensure security and continued operation of he platform. During the maintenance period, you may see intermittent impact to the security awareness admin console and training modules.
EU & US Environments
Saturday November, 9th from 10:00am UTC to 6:00pm UTC
28 October 2024
Available to all customers by October 31st, 2024 No actions are required to receive this update.
Improvements
New Feature: Domain Mail Relay Status
Easily check if a domain is set up and ready to receive emails! The Mail Relay Status shows when a domain is fully prepared for email relay, so you’ll know the exact moment it’s ready to start receiving messages. Also available via API.
Active - This relay domain is active and successfully processing emails. All emails routed through it are being relayed according to the configured settings.
Relay Activating - Activating a relay domain usually takes 30 minutes to an hour. During this period, the domain may not relay emails until the activation process is fully complete.
Relay Deactivating - Deactivating a relay domain typically takes 30 minutes to an hour to fully process. During this time, emails may continue to be relayed through the domain until deactivation is complete.
Relay Disabled - This relay domain is currently inactive, and emails routed through it are not being relayed.
Bug Fixes
- Fixes an issue where the API specification page did not display correctly due to a rendering error.
21 October 2024
Available to all customers by October 23rd, 2024 No actions are required to receive this update.
Improvements
- Updates the default package for customer creation to "Advanced+" (both API and UI).
- Enables the "Quarantine email suspected of being phish" spam setting for all customers and removes the ability to disable this spam setting feature.
Bug Fixes
- Fixes an issue where read-only admins would experience a blank email when using the preview email option.
- Fixes an issue with filter where if the email was formatted a specific way, it would bypass the filter check that should have been triggered.
- Fixes an issue where a Beginner+ customer would lose their ability to change their package where their Beginner+ privilege was removed.
- Fixes an issue where subject tags (e.g. external) were not being applied on sandbox release.
- Fixes an issue with Easyspam disclaimer causing certain emails to receive a malformed disclaimer.
- Fixes an issue where admins were unable to update Attachment Defense Safe Sender List.
- Fixes an issue in the Azure Sync Report where group name was not displaying in the delete section.
- Fixes an issue where filtering by "In Attachment Defense Sandboxing" on logs page would display in all categories.
18 October 2024
Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.
Improvements:
Scheduled Notifications
We’ve added a time and time zone selection to the Assignment Notification and Reminder Notification settings. This will provide admins with the ability to specify the time that notifications will be sent to their end-users within a given Training Assignment.
44 New Training Modules
We’re excited to announce the expansion of our training library modules. These new modules cover a wide range of security topics, offering users deeper insights into threats like phishing, social engineering, and ransomware. After completing this expanded training, users will have enhanced knowledge of emerging threats, better understand best security practices, and be more prepared to safeguard sensitive information.
What's New:
New Training Modules: We’ve expanding the Proofpoint Essentials Security Awareness program adding 44 new training modules.
New Module Type – Multi-Path Adventure: These modules provide an interactive, scenario-based experience, where users make decisions in real-world security situations and see the outcomes of their choices
Name | Type | Runtime |
60 Seconds to Better Security: AI Chatbot Threats | Animated Video | 1 minute(s) |
A Date to Forget | Multi-Path Adventure | 9 minute(s) |
A Step Too Far | Multi-Path Adventure | 12 minute(s) |
Abstract Data | Multi-Path Adventure | 9 minute(s) |
An Education in Reporting | Multi-Path Adventure | 9 minute(s) |
An Unexpected Call | Multi-Path Adventure | 12 minute(s) |
An Urgent Request | Multi-Path Adventure | 9 minute(s) |
Anti-Fraud and Bribery | Interactive | 12 minute(s) |
Anti-Money Laundering | Interactive | 12 minute(s) |
Avoiding Dangerous Attachments | Interactive | 8 minute(s) |
Avoiding Dangerous Links | Interactive | 9 minute(s) |
BEC Scams | Interactive | 12 minute(s) |
Behind Closed Doors | Multi-Path Adventure | 12 minute(s) |
Behind Your Back | Multi-Path Adventure | 12 minute(s) |
Being Smart With Social Media | Animated Video | 2 minute(s) |
Beyond Passwords | Interactive | 11 minute(s) |
Data Entry Phishing | Interactive | 8 minute(s) |
Deadline Demands | Multi-Path Adventure | 12 minute(s) |
Device Disaster | Multi-Path Adventure | 9 minute(s) |
Don't Bet On It | Multi-Path Adventure | 12 minute(s) |
Double 'Oh... No' | Multi-Path Adventure | 12 minute(s) |
Email Attack Methods: Business Email Compromise | Animated Video | 3 minute(s) |
Email Attack Methods: Credential Compromise | Animated Video | 2 minute(s) |
Email Protection Tools | Interactive | 15 minute(s) |
Email Protection Tools | Interactive | 6 minute(s) |
Email Security | Training Game | 20 minute(s) |
Email Security on Mobile Devices | Interactive | 10 minute(s) |
Fake It 'Til You Make It | Multi-Path Adventure | 12 minute(s) |
Freedom of Information | Interactive | 12 minute(s) |
GDPR: In Action | Interactive | 6 minute(s) |
General Data Protection Regulation (GDPR): Overview | Interactive | 8 minute(s) |
Hazards of Hacking | Interactive | 12 minute(s) |
HIPAA Overview | Animated Video | 12 minute(s) |
Holding Health to Ransom | Multi-Path Adventure | 10 minute(s) |
Incident Reporting | Interactive | 12 minute(s) |
Insider Threat Overview | Interactive | 12 minute(s) |
Insider Threats | Interactive | 12 minute(s) |
Internet Enabled Nightmare | Multi-Path Adventure | 12 minute(s) |
Introduction to Phishing | Interactive | 19 minute(s) |
Introduction to Phishing Emails and Websites | Interactive | 12 minute(s) |
Malicious Insider Threat | Interactive | 9 minute(s) |
Malware & Ransomware | Interactive | 12 minute(s) |
Malware Attacks | Interactive | 10 minute(s) |
Mobile Device Defence | Interactive | 12 minute(s) |
Mobile Device Security | Live Action Video | 11 minute(s) |
Mobile Device Security | Interactive | 22 minute(s) |
Mobile Devices: Common Risks and Threats | Animated Video | 2 minute(s) |
Mobile Devices: Physical Security Fundamentals | Animated Video | 2 minute(s) |
Modern Slavery Act | Interactive | 12 minute(s) |
Multi-Factor Authentication | Interactive | 6 minute(s) |
Nerves of Steel | Multi-Path Adventure | 12 minute(s) |
Password Management | Interactive | 13 minute(s) |
Password Policy | Interactive | 7 minute(s) |
PCI Disaster | Multi-Path Adventure | 9 minute(s) |
PCI DSS | Interactive | 12 minute(s) |
Perfect Your Password | Interactive | 12 minute(s) |
Perfecting Passwords | Animated Video | 2 minute(s) |
Personally Identifiable Information | Interactive | 12 minute(s) |
Phish Finder: Spotting Warning Signs (Beginner) | Animated Video | 2 minute(s) |
Physical Security | Interactive | 14 minute(s) |
Physical Security | Interactive | 12 minute(s) |
Physical Security Fundamentals | Animated Video | 2 minute(s) |
PII Fundamentals | Interactive | 16 minute(s) |
PII in Action | Interactive | 11 minute(s) |
PII In Action | Animated Video | 10 minute(s) |
Precursor to Phishing | Interactive | 5 minute(s) |
Precursor to Phishing | Animated Video | 9 minute(s) |
Privileged Access Awareness | Interactive | 12 minute(s) |
Protecting Data | Interactive | 12 minute(s) |
Public Data vs. Non-Public Data | Animated Video | 2 minute(s) |
Remote Working: Recognizing the Risks | Animated Video | 2 minute(s) |
Remote Working: Reducing the Risks | Animated Video | 2 minute(s) |
Safe Social Networks | Interactive | 16 minute(s) |
Safer Web Browsing | Interactive | 23 minute(s) |
Secure Printing | Interactive | 12 minute(s) |
Securing Data: Know Your Role | Animated Video | 2 minute(s) |
Security Basics: Data Handling and Security | Animated Video | 2 minute(s) |
Security Basics: Insider Threats | Animated Video | 2 minute(s) |
Security Basics: Passwords and Authentication | Animated Video | 2 minute(s) |
Security Basics: Physical Security and Remote Working | Animated Video | 2 minute(s) |
Security Beyond the Office | Interactive | 15 minute(s) |
Security Beyond The Office | Interactive | 12 minute(s) |
Security Essentials | Interactive | 14 minute(s) |
Security Essentials: Data Protection | Interactive | 3 minute(s) |
Security Essentials: Introduction | Interactive | 1 minute(s) |
Security Essentials: Physical Security | Interactive | 3 minute(s) |
Security Essentials: Protecting Accounts, Devices, and Systems | Interactive | 4 minute(s) |
Security Essentials: Secure Remote Working | Interactive | 3 minute(s) |
Shielding Against Spear Phishing | Interactive | 12 minute(s) |
Social Engineering | Interactive | 12 minute(s) |
Social Engineering | Interactive | 19 minute(s) |
Social Engineering: Many Methods, Many Motives | Animated Video | 2 minute(s) |
Social Media Roller Coaster | Multi-Path Adventure | 12 minute(s) |
Social Network Nightmare | Multi-Path Adventure | 9 minute(s) |
Social Networking | Interactive | 12 minute(s) |
Spear Phishing Threats | Interactive | 12 minute(s) |
Spotting Invoice Scams | Interactive | 12 minute(s) |
Surfing the World Wide Web | Interactive | 12 minute(s) |
Swiped Right Into Trouble | Multi-Path Adventure | 12 minute(s) |
TAKEOVER: BEC Scams | Multi-Path Adventure | 12 minute(s) |
TAKEOVER: Digging For Data | Multi-Path Adventure | 12 minute(s) |
The Problem With Public Wi-Fi | Animated Video | 2 minute(s) |
Travel Security | Interactive | 8 minute(s) |
Under Surveillance | Multi-Path Adventure | 12 minute(s) |
Unintentional Insider Threat | Interactive | 10 minute(s) |
URL Fundamentals | Interactive | 18 minute(s) |
URL Fundamentals | Animated Video | 16 minute(s) |
Web Browsing: Identifying Threats (Beginner) | Animated Video | 2 minute(s) |
When Emotions Run High: USB Drives | Live Action Video | 2 minute(s) |
Working From Home | Interactive | 12 minute(s) |
Working From Home (COVID-19) | Interactive | 12 minute(s) |
Workplace Security in Action | Interactive | 14 minute(s) |
7 October 2024
Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.
Improvements:
New phishing campaign templates added to Security Awareness in July & August 2024.
1 October 2024
Available to all customers by October 4th, 2024 No actions are required to receive this update.
Improvements
- When a user attempts to perform a block action from a digest, the system will now use the "From" header address if no envelope sender exists.
- Email Warning Tag domain age threshold increased to 90 days (previous 30 days)
- API Terms added to API documentation.
The API has been expanded to accept multiple values in the 'stateprov' field.
Users can now input not only the standard two-letter state abbreviations (e.g., CA, TX, AZ) but also full state names (e.g., "California," "Texas," "Arizona").
Additionally, a combination of both formats is supported, using a hyphen (e.g., "CA - California").
Bug Fixes
- Fixes an issue where the Puerto Rico and St Thomas time zones had an incorrect definition.
- Resolves an issue with Email warning tags where paragraphs were being set to one line per paragraph in some instances.
- Corrects filter action behaviour. If an outbound filter generated a notification for a quarantined email, then the general alert would not be sent.
16 September 2024
Available to all customers by September 19th, 2024 No actions are required to receive this update.
Bug Fixes
- Fixes an issue with Email Warning Tags that caused Block option to not be visible through learn more link for emails sent to an alias address.
- Fixed an issue with Email Warning Tags and One Click Removal settings not applying correctly from custom templates.
9 September 2024
Available to all customers by September 12th, 2024 No actions are required to receive this update.
Bug Fixes
- Fixes an issue with mail previews that resulted in a blank page being displayed.
27 August 2024
Available to all customers by September 4th, 2024 No actions are required to receive this update.
Improvements
- When a user attempts to perform a block action from a digest, the system will now use the "From" header address if no envelope sender exists.
Bug Fixes
- Fixes an issue where the send and delete functions would temporarily be unavailable in Emergency Inbox until the browser was refreshed.
- Fixes an issue that caused some Easy-Spam-Reporting Disclaimers to be malformed in plain text emails.
19 August 2024
Available to all customers by August 21st, 2024 No actions are required to receive this update.
Improvements
- Digest: Emails classified as Impostor will no longer be listed in user digests. They will remain visible in Log Search.
- Log Preview Headers now show all available public headers in existing order (used to be alphabetical), including duplicates.
- Adds a new license package quick-view when creating a new customer via the UI.
Bug Fixes
- Fixes an issue where manual user syncs didn't trigger an error when tech contacts were set to be deleted from the action.
12 August 2024
Available to all customers by August 15th, 2024 No actions are required to receive this update.
Bug Fixes
- Fixed an issue where the EWT feature continued to remain active for ineligible license packages after the trial period of a higher-tier package had ended.
- Removes checkbox next to objects that cannot be exempted from Azure Directory Sync.
- Fixes an issue where the Resend option could be used to release quarantined mail.
- Fixes the error code displayed when Org Admins attempts to modify a partner created Outbound-Allow Filter policy.
29 July 2024
Available to all customers by July 31st, 2024 No actions are required to receive this update.
Improvements
- Connectwise Integration: Improved checks for active additions.
- Updated code around CSV Import to allow for import of phone numbers.
Bug Fixes
- Resolves an issue where sync exemptions would count alias addresses as primary addresses.
- Resolves a bug where Azure Directory Sync would continue to run despite being disabled.
- Removes a visual line in the breadcrumb border.
- Fixes an issue where users were unable to use the delete/hide option from their logs.
22 July 2024
Available to all customers by July 26th, 2024 No actions are required to receive this update.
Improvements
- Azure secret expiry now fetched after each sync to display in customer table.
- Updates default package in customer creation (portal only, not API). New default is Advanced+.
- Exposes more data in the Message Details Logs, new fields:
> Current spam threshold (Shows the recipients current spam threshold settings).
> Current stamp&forward setting (Shows if the recipient has Spam, Stamp & Forward enabled).
> Encryption Recipient notified (Shows if the recipient has received encryption notifications).
> Warning Tags Applied (Shows which Warning Tag was applied to the message if the feature is enabled).
Example
Bug Fixes
- Resolves an issue where templates would override the Azure Version 2 enablement and revert to Azure Version 1.
- Resolves a bug in the billing API regarding Products and Bundles.
- Verbiage updated under Attachment Defense and URL Defense tabs.
8 July 2024
Available to all customers by July 10th, 2024 No actions are required to receive this update.
Improvements
- Adds Azure information to the API endpoint GET v1 /Settings/Azure to help partners manage Azure Sync settings:
- Added "SecretExpiration" field for Azure Expiry Date ID
- Added "Azure Sync Version" field for Azure Version
- SMTP Auth - The password field now hides input text, and the generated password can be copied to the clipboard.
- Added a new log search icon to the customers table to make the action clearer.
- Minor UX improvements.
Bug Fixes
- Resolves an issue that was preventing the Azure sync report from displaying
- Resolves a bug that was causing the billing endpoint /orgs to not display trial data.
28 June 2024
Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.
Improvements:
New phishing campaign templates added to Security Awareness in May 2024.
18 June 2024
Available to all customers by June 21st, 2024 No actions are required to receive this update.
Bug Fixes
- Fixes an issue that prevented some customers from viewing the body of an email in Archive.
- Fixes a bug where customers with exceptionally long Azure Secret Expiration dates were unable to sync.
- Fixes an issue where addresses not belonging to a user cannot be removed from the exemptions list.
17 June 2024
Upcoming Proofpoint Essentials Security Awareness Platform Maintenance - EU Region:
We have several security and infrastructure updates to the Security Education Platform to perform. There are no features being release during this outage, only required upgrades that are needed to ensure security and continued operation of he platform. During the maintenance period, you may see intermittent impact to the security awareness admin console and training modules.
EMEA Environment (EU1 Customers):
Saturday June, 22nd from 11:00am UTC to 7:00pm UTC
No impact to US region customers.
10 June 2024
Available to all customers by June 12th, 2024 No actions are required to receive this update.
Bug Fixes
- Fixes an issue where some customers were not seeing the correct Azure version in the ui, customer table or in exports.
- Fixes an issue that prevented Azure Directory Sync V1 from manually and automatically syncing for some customers.
5 June 2024
We are excited to announce the addition of 12 new Security Awareness training modules.
Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.
New Modules
Module Name | Description |
Email Protection Tools | This training will introduce you to how email protection tools help keep you and your organization safe. |
Mobile Devices: Common Risks and Threats | There's no denying the convenience of mobile devices. They are a fixture in our work and personal lives. We take our smartphones, tablets, smart watches, and health trackers nearly everywhere we go. This portability increases the risk of devices being lost or stolen. But those aren't the only threats to your devices and the data they hold. |
Mobile Devices: Physical Security Fundamentals | Mobile devices are valuable tools for both work and personal use. But the same features that make them so convenient, such as small size and easy mobility, are also security risks. And replacing these devices can be a big challenge, so that's why physical security measures are critical. Two simple practices mentioned in this module can help you keep track of your devices. |
Email Attack Methods: Credential Compromise | Credential compromise is one of the most common types of email attack. This module will explain how credential compromise attacks work and what to do if you receive an email that asks for credentials. |
Perfecting Passwords | Keeping track of passwords can be challenging. But that's nothing compared to having your accounts compromised and information stolen! One of the most common problems with passwords ‚ is that they're common. Another problem: The shorter a password is, the easier it is for attackers to guess. It's crucial you understand how to create strong and secure passwords. |
Remote Working: Reducing the Risks | Remote working has become increasingly common‚ and convenient. But no matter where you work, your organization's policies and procedures still apply. They help keep data, devices, and systems secure. This module will explain the protocols and ways to minimize risks, even if they take a bit of extra time when working remotely. |
Public Data vs Non-Public Data | Some types of information are more sensitive than others. Organizations use different labels for these data types. But at a basic level, organizational data can be classified in one of two ways: as public data or non-public data. It's crucial that you understand the differences between the two, and how to handle data. |
Security Data: Know Your Role | Employees interact with data in many different ways. And different organizations hold different types of data. Obviously, some information is more sensitive than others. Cybercriminals often target people based on their access to important data. It's crucial that you recognize how to keep data secure. |
The Problem With Public Wi-Fi | This video is part of our 60 Seconds to Better Security series, and will give a basic explanation of why using public Wi-Fi can be a problem. |
Travel Security | This training will help you to recall security measures to take while traveling, including options for secure connectivity. |
When Emotions Run High: USB Drives | USB drives, while incredibly convenient, pose significant security risks when not handled properly. In this episode, we learn how to take the drama out of finding a USB drive. |
Security Basics: Passwords and Authentication | This Security Basics course provides foundational information on concepts related to password management. |
Note - As part of this update, we will also be sunsetting some of our older modules on 14th June . Click here for more information.
3 June 2024
Available to all customers by June 5th, 2024 No actions are required to receive this update.
Improvements:
- Improved User Sync: Azure User Sync v2 for New Customers
Overview
Azure User Sync v2 will be the default version applied for new customers. This enhancement streamlines user management, saving time for admins by improving user attribution when syncing from M365. It seamlessly updates user types, preserves attributes, and ensures uninterrupted mail flow for shared mailboxes and distribution lists. Note, this update won’t impact existing customers.
Enhanced User Creation
Azure Sync has been enhanced to exclusively include active, licensed M365 users when creating new active user accounts. Specifically, it will now include users with the account_enabled flag set to true and those holding an active exchange license. Previously, this process included only users with the account_enabled flag set to true, regardless of their licensing status.
User Account Type Updates
When modifying a user's account type, there is no longer a requirement for the synchronization process to delete and recreate the account. Instead, user types will be updated seamlessly while preserving all existing user attributes, such as sender lists, log details, user filters, and more. Previously, user accounts would have been recreated during this process.
Functional Account Sync
Users with account_enabled set to false will now be synchronized as functional accounts. Previously, these users were synchronized as disabled users, leading to mailflow interruptions. This enhancement ensures uninterrupted mail flow for shared mailboxes and distribution lists. Previously, these accounts would have been assigned as disabled users, resulting in halted mailflow.
- Three new fields added to the customer table - Azure App ID, Azure Sync Version and Azure Secret Expiry. Azure secret expiry will be set and updated upon saving azure user sync settings.
30 May 2024
Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.
Improvements:
New phishing campaign templates added to Security Awareness in April 2024.
29 May 2024
Upcoming Changes to Proofpoint Essentials - Security Awareness
On June 14, 2024, we are excited to announce the addition of new modules for all customers with a Proofpoint Essentials - Security Awareness subscription. As part of this update, we will also be sunsetting some of our older modules. Click here for more information.
28 May 2024
Available to all customers by May 30th, 2024 No actions are required to receive this update.
Improvements:
- Updated verbiage for the Microsoft 365 Integration tile found under Integrations.
- UI warning banner when attempting to enable both Azure Directory Sync and LDAP.
Bug Fixes
- API: Multi-response API fixed for POST users.
20 May 2024
Available to all customers by May 22nd, 2024 No actions are required to receive this update.
Improvements:
- Removes 'learn more' links on licensing and billing pages for Email Security.
- API: Billing API, customer "type" has been renamed to "customer_type" (matching v0)
- API: Billing API, spelling of "organisation" has been changed to "organization"
- DLP: Smart Identifiers are now alphabetized for ease of use.
- DLP: Introduces over 100 new Personal Information Smart Identifiers (See list below)
Argentina CBU number Argentina DNI Number Austria Passport Number Belgium National Identification Card Number Belgium Passport Number Belgium National Identification Number Bulgaria National Identification Number Bulgaria Passport Number Bahrain National Identification Number Swiss AHV Number (New) Swiss AHV Number (Old) Switzerland Passport Number Chile RUT Number Denmark Passport Number Cyprus Passport Number Czech Republic National Identification Number Czech Republic Passport Number Spain Passport Number Estonia Personal Identification Code Estonia Passport Number Finland Passport Number | Generic Drivers License Machine Readable Passport Mexico CURP Number Malta National Identification Number Malta Passport Number Malaysia National Registration Identity Card Number Netherlands National Identification Number Citizen Service Number Netherlands Old National Identification Number Netherlands Passport Number Norway Passport Number New Zealand IRD Number Poland Passport Number Portugal Citizens Card Number Portugal Passport Number Qatar Identity Card Number Romania National Identification Number Romania Passport Number Russia Taxpayer Identification Number Slovakia National Identification Number Slovakia Citizens Identification Card Number | Slovakia Passport Number Slovenia National Identification Number Slovenia Passport Number Sweden Passport Number Turkey Personal Identification Number American Samoa ID Guam ID Northern Marina Island ID Puerto Rico ID Card US Virgin Islands ID Card US Medicare Beneficiary ID Passport (APEC application only) US State ID Driver License American Samoa Driver License Guam Driver License Northern Mariana Islands Driver License Puerto Rico Driver License US Virgin Islands Alberta Drivers License British Columbia Drivers License Manitoba Drivers License | New Brunswick Drivers License Newfoundland Drivers License Nova Scotia Drivers License Northwest Territories Drivers License Nunavut Drivers License Ontario Drivers License Prince Edward Island Drivers License Quebec Drivers License Saskatchewan Drivers License Yukon Drivers License Canada Northwest Territories ID Canada Nunavut ID Canada Yukon ID Greece Identification Card Greece Identification Card (Old Format) Greece Passport Number Croatia Personal Identification Number Croatia Passport Number Hungary National Identification Number Hungary Passport Number Indonesia National Identification Number | Ireland New National Identification Number Ireland National Identification Number Ireland Passport Number Iceland National Identification Number Iceland Passport Number Italy Passport Number Japan MyNumber (individual) Japan MyNumber (corporate) Kuwait National Identification Number Lebanon Identification Card Number Liechtenstein National Identification Number Liechtenstein Passport Number Lithuania National Identification Number Lithuania Passport Number Luxembourg Passport Number Latvia National Identification Number Latvia Passport Number Venezuela CDI Number |
Bug Fixes
- Fixes an issue where administrators were unable to export customer lists via the UI.
- Resolves scenarios where bounced mail that had been resent didn't show correct released, released by and released date.
- Fixes a bug where administrators were unable to delegate permissions in Archive.
7 May 2024
Available to all customers by May 9th, 2024 No actions are required to receive this update.
Improvements:
- New Sync Exemptions menu found under User Management > Import & Sync > Sync Exemptions.
This new menu allows administrators to view, search and delete Sync Exemptions directly from the page.
- Sync Exemption API documentation updated.
- Maximum message size threshold reduced to 256MB
Bug Fixes
- Fixes an issue where some unverified domains were inadvertently updated by Microsoft 365 Integration (causing the SMTP Destination to be overwritten).
29 April 2024
Available to all customers by May 1st, 2024 No actions are required to receive this update.
Improvements:
- Deprecates customer renewal confirmation notification emails.
- Azure Directory Sync will now display which Azure Sync version within the UI.
Bug Fixes
- Fixes an issue where some customers with mismatched uppercase/lowercase email addresses were unable to access Emergency Inbox.
- Fixes an issue where the Connectwise mapping views became unresponsive.
25 April 2024
Available to all EU Partners now. No actions are required to receive this update.
Improvements:
New Report Available - Inbound Email Protection Breakdown - All Customers
The latest report Inbound Email Protection Breakdown - All Customers offers a thorough summary of the different mechanisms and strategies utilized to detect harmful inbound emails. This report serves as an essential resource in fortifying your customers email. It provides a consolidated overview of incoming messages, highlighting those that are either blocked or delivered across all your customers.
The report showcases the proactive measures taken to block or clean suspicious emails before they reach the inbox, ensuring enhanced security and peace of mind.
To view the Report - Threat Reporting > Reports > Inbound Email Protection Breakdown (All Customers)
22 April 2024
Available to all customers by April 22nd, 2024 No actions are required to receive this update.
Improvements:
New QR Code Phish Simulations
We're excited to introduce a new update to our simulated phishing feature for all Security Awareness customers. This release focuses on enhancing the simulation of digital QR-based threat vectors.
QR Code Simulation: We now offer the effective simulation of digital QR-based threat vectors through dynamically generated QR Codes in simulated phishing emails.
New QR Code Lure Templates: Enjoy a set of new QR code lure templates accompanied by teachable moment content to support this new simulation option.
Integration with Existing Campaigns: These features seamlessly work within the context of existing simulated phishing drive-by campaigns.
16 April 2024
Available to all customers by April 17th, 2024 No actions are required to receive this update.
Improvements:
New Emergency Inbox
- Introducing our new revamped Emergency Inbox feature, when using Emergency Inbox you will encounter the following changes:
- Emergency Inbox no longer launches a new tab
- Emergency Inbox Icon now provides a status text and visual indicator
- Emergency Inbox Icon is now clickable and takes you to Emergency Inbox
- New Interactive Emergency Inbox Icon in Log Search for emails with a 'Deferred' status
Example of Emergency Inbox Icon in Log Search
Example of an account that is actively spooling and is utilizing Emergency Inbox
Bug Fixes
- Corrects partner stats response schema when utilizing: api/v1/stats/{domain}/partner/orgs?page_size
10 April 2024
Available to all customers by April 12th, 2024 No actions are required to receive this update.
Improvements:
New Australian-Specific Smart ID Filters:
- Introducing new smart ID filters tailored for Australian users. These include:
- Australia Driver License
- Australia Medical Account Number (MAN)
- Australia Centrelink Customer Reference Number (CRN)
- Australia Passport
Notifications Added to Management Accounts:
- The Notifications page is now accessible for Management accounts. Users with these account types can now conveniently manage their notifications from within the platform.
ConnectWise Integration Improvements:
- Product and customer dropdown menus have undergone performance enhancements, particularly noticeable with large datasets. Users will experience smoother navigation and faster loading times.
Default Account Type Set to Organization on Customer Creation:
- Upon creating a new customer, the default account type will now be set to "organization".
Bug Fixes
- Resolves an issue that prevented users from scheduling reports directly from the new beta Reports page.
- Removes Google Icon from SSO providers.
25 March 2024
Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.
Improvements:
New phishing campaign templates added to Security Awareness in February 2024.
5 March 2024
Available to all customers by March 6th, 2024 No actions are required to receive this update.
Improvements:
- Azure Directory and Active Directory Sync now set the user role to "silent user" by default.
Assignment States
We have changed the completion status in Training to a date-based completion model. Here’s what to expect from this update:
- Assignment statuses will now be based on the end date and grace period.
- Admins will have the ability to manually complete or reopen assignments.
- The status of an assignment for users who have not completed an assignment by the end date will reflect level of completion.
- Provides a more intuitive expectation of training access.
- Admins will have better control of end user access to training with manual controls over their statuses.
Proofpoint Essentials Release Notes Feb 19th 2024
Improvements:
- Introduces a new SPF Hard Fail/Soft Fail control within Anti-Spoofing Policy.
Customers currently using Anti-Spoofing Policy will see their new "Soft Failure" default to Take no action
Bug Fixes:
- Fixes an issue where some Outbound messages that were released from Quarantine didn’t update log status correctly.
- Fixes an issue where email preview displayed base64 encoding when initiated.
- Fixes an issue where SPF failures were being displayed incorrectly in email log preview and email permalink preview.
Proofpoint Essentials Release Notes Feb 15th 2024
Improvements:
New phishing campaign templates added to Security Awareness in January 2024.
Proofpoint Essentials Release Notes Feb 10th 2024
Improvements:
- New Emergency Inbox Status indicator in the top right corner of the UI.
- Updated SPF recommendation for new customers within the Connection Details documentation.
Existing customers do not need to make any changes to their SPF records.
Proofpoint Essentials Release Notes Jan 30 2024
Improvements:
- New Connector added to Microsoft 365 Integration.
Our Microsoft 365 Integration now includes a new “locked down” connector which will be disabled by default and will provide a locked down version of the standard connector. This locked down version of the connectors will allow customers to be more selective about which IP addresses to trust for mail flow, facilitating an enhanced security posture (if desired).
The “locked down” connector should only be used after the customer has updated their MX records.
- Added a new Access Control for the Integrations page
Proofpoint Essentials Release Notes Jan 15 2024
Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.
Improvements:
New phishing campaign templates added to Security Awareness in January 2024.
New Training Modules added to Security Awareness in January 2024
Proofpoint Essentials Release Notes Jan 3 2024
Improvements:
Introducing Microsoft 365 Integration.
Our Microsoft 365 Integration significantly reduces manual effort when configuring a customer's Microsoft 365 tenant to collaborate with Proofpoint Essentials Email Security. This process includes setting up all necessary prerequisites to facilitate a standard MX deployment, including:
- Setting up mail flow rules.
- Creating inbound and outbound connectors.
- Automatically importing and verifying domains.
- Automatically setting up Azure Sync Users via Microsoft Entra.
The Microsoft 365 Integration feature can be found under Administration > Account Management > Integrations
Learn more about the new Microsoft 365 Integration here
Bug Fixes:
- Resolves an issue that prevented customers from viewing images via log preview.
- Fixed an issue where feedback confirmation dialogs where not mobile friendly in portrait.
Proofpoint Essentials Security Awareness Release Notes Dec 18 2023
Improvements:
New phishing campaign templates added to Security Awareness in November 2023.
4 December 2023
New Feature Announcement:
Introducing PhishAlarm for Security Awareness.
PhishAlarm is an Add-in for Microsoft Exchange that allows users to easily report suspicious email without being encumbered to remember an ever-changing abuse box address or the correct format (headers and email bodies) to forward suspicious emails. PhishAlarm displays a button in the supported email client which, when clicked, will forward the email to defined email addresses. Typically, these email addresses are either an abuse box or members of your organization’s incident response and security team.
Access Now
Click on Security Awareness > Launch Platform
Click PhishAlarm > Add-in Setup
Click the Setup tab.
3 December 2023
Bug Fixes:
- Resolves an issue that prevented read-only users from accessing email security package details on the licensing page.
- Resolves an issue where users logging into their Email Archive now correctly land on the Email Archive page instead of their home page. (Live from 5th December)
- Removes the option to 'Report a False Negative' for messages in the Attachment Defense queue to enhance user feedback.
27 November 2023
Improvements:
Introduces PhishAlarm for Security Awareness.
PhishAlarm is an Add-in for Microsoft Exchange that allows users to easily report suspicious email without being encumbered to remember an ever-changing abuse box address or the correct format (headers and email bodies) to forward suspicious emails. PhishAlarm displays a button in the supported email client which, when clicked, will forward the email to defined email addresses. Typically, these email addresses are either an abuse box or members of your organization’s incident response and security team.
Now displays the organizations timezone in log search results via tooltip.
Bug Fixes:
- Fixes an issue where URL's were being rewritten incorrectly by URL Defense.
- Fixes an issue where both HTML and plaintext content were being shown for multipart/alternative messages in Quarantine preview.
20 November 2023
Improvements:
New phishing campaigns templates and teachable moments added to Security Awareness in October 2023.
6 November 2023
Improvements:
- Adds a new confirmation prompt when reporting a message as spam.
- Adds a new confirmation prompt to "release", "release & approve" and "block" digest actions.
30 October 2023
Improvements:
- Administrators now have access to view Sender Policy Results within message details.
- Improves scanning for calendar messages.
Bug Fixes:
- Bounced and out-of-office messages will now be correctly attributed to a user.
- Fixes an issue where administrators were unable to release items from quarantine on the user log search page.
- Resolves a bug that caused delays when adding a new domain.
- Fixes a bug where the "Hide email from log" action failed to display a success banner.
- Updates end user Senderlist description to align with the actual behavior.
23 October 2023
Improvements:
New phishing campaign templates and teachable moments added to security awarness in September 2023.
9 October 2023
Available to all customers by October 11th, 2023. No actions are required to receive this update.
Version 5.20231005
Bug Fixes:
- Fixes a bug where shared mailboxes were incorrectly receiving email letters when synced through New Azure User Sync.
3 October 2023
Available to all customers by October 5th, 2023. No actions are required to receive this update.
Version 5.20230929
Improvements:
- When creating a new customer in the UI, the license package will now default to Advanced+.
- Improves the accuracy of Dashboard: Threats by Domain (Spam count).
- Introduces a new error message in Archive when invalid IMAP server connection details are entered.
Bug Fixes:
- Fixes a bug where outbound bounce emails were triggering encryption filters.
- Fixes a bug where certain end users were unable to update their own profile settings.
- Fixes an issue where quarantine preview would cause an error.
- Fixes a bug in specific user logs when searching for domains.
- Fixes an issue where silent users were prompted to log in to Essentials after releasing from digest.
- Fixes an issue where One-Click Message Pull would fail to action multi-selection tasks.
18 September 2023
Available to all customers by. No actions are required to receive this update.
Improvements:
Proofpoint Essentials Security Awareness - DMARC Reject Policy
We have updated the DMARC policy to “reject” for our securityeducation.com domain to secure its email stream. This brings the domain’s email authentication posture in line with Proofpoint’s best practices, and what we advocate for as an email security provider. DMARC is intended to reduce email-based fraud and improve the reliability of email delivery. For this reason, it’s important as a DMARC vendor to protect our own domains from abuse but also to set an example for our customers of what DMARC-protected domains look like. Given the nature of securityeducation.com from both a customer perspective and the potential for abuse, it is exceptionally important we move to a reject policy in a safe manner. This change will have no impact on the delivery of emails from the securityeducation.com domain.
13 September 2023
Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.
Improvements:
New phishing campaigns templates and teachable moments added to Security Awareness in August 2023.
11 September 2023
Available to all customers by September 13th, 2023. No actions are required to receive this update.
Version 5.20230908
Improvements:
- Removes Plain Text LDAP option from Active Directory settings.
Bug Fixes:
- Fixes an issue where emails would say blocked during the attachment sandboxing phase.
- Fixes a bug where Threat Reporting - Scheduled List would cause an error when editing or deleting a favourited scheduled report.
- Fixes an issue where a white-labeled customer wasn't having their phone number or website added to welcome emails.
- Fixes an issue that resulted in scheduled reports not being sent.
- Removes blank graphs from reports.
5 September 2023
Available to all customers by September 7th, 2023. No actions are required to receive this update.
Version 5.20230825
Improvements:
- Increases the digest action rate limit from 50 (up from 12).
Bug Fixes:
- Fixes a bug that intermittently caused duplicates in SMTP Discovery List.
- Fixes an issue where country code under User page default to blank after Azure sync updates.
21 August 2023
Available to all customers by August 23rd, 2023. No actions are required to receive this update.
Version 5.20230816
Improvements:
- Drop downs in Manage Profile for Admin, Billing and Tech contacts are sorted according to admin level and alphabetical.
Bug Fixes:
- Fixes an issue where Threat Reports > Monthly Reports was not displaying stats for 30 days.
- Fixes a problem that was prevented EWT and Disclaimers to be added to the same message.
- Corrects an issue that resulted in Scheduled Reports not being sent.
- Resolves an issue where Welcome Emails were displaying #name# instead of actual company name in both preview and test email.
- Fixes an issue that prevented customers from performing actions on Learn More in EWT.
- Fixes a bug that prevented One-Click Message Pull to retract message on specific user logs.
- Fixes an issue that intermittently caused OAuth to be disabled when the Azure Directory Sync page was saved or manually ran.
16 August 2023
Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.
Improvements:
New phishing campaigns templates and teachable moments added to Security Awareness in July 2023.
14 August 2023
Available to all customers by August 16th, 2023. No actions are required to receive this update.
Version 5.20230811
Improvements:
- Enhances the performance of domain lookups, resulting in much faster processes for customer creation, domain creation, and API endpoint requests.
- ConnectWise agreements are now filtered by company.
- Links in the following components are now encrypted: Easy Spam Disclaimer, Email Digests, Suspend Delivery Alerts, Message Details & Filter Alert.
Bug Fixes:
- Resolves an issue where ConnectWise details saved by specific customers were not being displayed.
- Fixes a problem that was preventing certain products and companies from appearing when being mapped to ConnectWise.
- Addresses an issue that caused user rate limits to be incorrectly calculated.
31 July 2023
To improve the accessibility of product updates, all new product release notes will be centralized in one convenient location: here
Available to all customers by August 2nd, 2023. No actions are required to receive this update.
Version 5.20230727
Improvements
- Adds radio button to toggle between include and exclude parameters on Traffic by Address report.
- Adds Attachment Defense threats to Daily and Monthly Threat Reports under Virus category.
- Adds total to the Active Mailbox report stats table & export.
- Removes "Stop Receiving These Reports" from Scheduled Reports email.
- Improvements to digest delivery timing.
Bug Fixes
- Corrects an issue that caused some character sets to not display correctly in Email Logs, Message Details, Easy Spam Disclaimer & Email Digests.
- Addresses a problem that prevented the delivery of SMS spooling alerts to certain users.
- Fixes an issue which caused different time periods to be applied when viewing reports.
- Corrects a display issue related to Dashboard exports, ensuring that the exported version now adopts a landscape orientation.
- Addresses a minor display issue on the Monthly Traffic report graph.