Varonis Incident Response: Stopping Microsoft 365 Direct Send Abuse
Varonis, Tuesday, August 5th, 2025
Learn how Varonis Threat Labs uncovered a critical Microsoft 365 Direct Send exploit, and how organizations leveraged Varonis Incident Response to protect themselves from attack.
Recently, Varonis Threat Labs uncovered an attack that used Microsoft 365's Direct Send feature to phish sensitive information from the employees at more than 70 organizations.
Microsoft 365 Direct Send is designed to allow internal devices like printers to send emails without authentication. Threat actors abused this feature to spoof internal users and deliver phishing emails without ever needing to compromise an account.