We have recently migrated to an Exchange environment, from a not-so-widely-popular email server. Since we migrated to this new environment we have had 10+ users compromised by very simple spear phishing campaigns. While I know user education is paramount in these situations, we would like to devise a plan to thwart being used as a spam source by restricting access to OWA to North America.
There is some hesitation in this, as we do have a large multinational population of staff, and many travel overseas for both work and pleasure and would still like to have access to their email.
We thought that our best approach would be to go the way of Facebook, and if a user were to attempt to log in from outside of North America, we would ask them a security question. The only personal identifying information that we know to be pretty accurate is department. So we thought that we would ask them "Which department do you belong to?", alongside a captcha, giving them 2 attempts to answer correctly prior to having out-of-country access denied. If they did answer correctly, we would store the continent they logged in from in a session table and have it expire in a week.
So for the most part, without putting pen to paper, I believe the above is possible with the access policies. The only thing that might be difficult will be the dropdown box of Departments on the login page, but I can probably create that with the customization.
What I would really be interested in hearing is if anyone else is doing something similar, or completely different to control access from unauthorized parties.
Also I would love to know from someone in the know if this kind of policy would actually thwart these spear phishing campaigns, or if someone in Africa is manually accessing OWA to send the emails and set up the email rules.
Hopefully that made sense and I can stir up a good conversation on the topic.
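The decision logic the post describes (allow from the home continent, otherwise challenge with the department question, two failures lock out-of-country access, a correct answer exempts that continent for a week), written out as an added example that is not code from the original post or from any OWA/Exchange product. The IP-to-continent table and the user/department map are constructed stand-ins for a GeoIP database and the directory.

```python
import time
from dataclasses import dataclass, field

# Constructed lookup standing in for a GeoIP database (assumption, not real data).
IP_TO_CONTINENT = {
    "203.0.113.10": "NA",   # home region
    "198.51.100.7": "AF",
    "192.0.2.44": "EU",
}
HOME_CONTINENT = "NA"
MAX_ATTEMPTS = 2                  # two tries at the department question, as in the post
EXEMPTION_TTL = 7 * 24 * 3600     # a successful answer exempts that continent for one week


@dataclass
class StepUpPolicy:
    departments: dict                                    # user -> department, from the directory
    exemptions: dict = field(default_factory=dict)       # (user, continent) -> expiry timestamp
    failures: dict = field(default_factory=dict)         # user -> wrong answers so far

    def continent_of(self, ip):
        return IP_TO_CONTINENT.get(ip, "UNKNOWN")        # unknown geo is treated as foreign

    def decide(self, user, ip, now=None):
        """Return 'allow', 'challenge' or 'deny' for a login attempt from this IP."""
        now = time.time() if now is None else now
        continent = self.continent_of(ip)
        if continent == HOME_CONTINENT:
            return "allow"
        if self.exemptions.get((user, continent), 0) > now:
            return "allow"                               # still inside the one-week window
        if self.failures.get(user, 0) >= MAX_ATTEMPTS:
            return "deny"                                # out-of-country access locked
        return "challenge"

    def answer(self, user, ip, department, now=None):
        """Check the department answer; a correct one records a week-long exemption."""
        now = time.time() if now is None else now
        if department == self.departments.get(user):
            self.exemptions[(user, self.continent_of(ip))] = now + EXEMPTION_TTL
            self.failures.pop(user, None)
            return "allow"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "deny" if self.failures[user] >= MAX_ATTEMPTS else "challenge"

    def reset(self, user):
        """Helpdesk-side reset after a user verifies themselves another way."""
        self.failures.pop(user, None)
```

Because the department is picked from a dropdown, the challenge has only as many possible answers as there are departments, so the failure counter must persist across sessions (a database, not a per-request variable) for the two-attempt limit to mean anything.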