Release Notes
9 December 2024
Available to all customers by December 10th, 2024 No actions are required to receive this update.
New Email Encryption experience
We are excited to announce our new Email Encryption experience, designed to simplify and enhance secure communication. These updates offer increased flexibility, greater control, and an improved user experience. Please note that messages sent before the transition to the new experience will remain accessible through the old interface. External recipients will still be able to view and respond to encrypted messages sent prior to the change using their existing login credentials. These messages will be accessible until they expire after 14 days.
To preview what’s coming , click here
Updates include:
Fresh Look and Feel - New styling updates ensure encryption aligns seamlessly with the Proofpoint Essentials user experience. The secure reader interface supports white-labeling and automatically inherits customer branding for a cohesive, customized look.
One-Time Encrypted Links - External recipients now have streamlined access to encrypted emails without needing to create an account or log in. This frictionless feature enhances the user experience, ensuring that secure communication remains as simple as possible.
Read Receipts - Stay informed with the new read receipts feature, providing senders with automatic notifications when their encrypted messages are opened.
Thread Expiry - Take greater control of encrypted conversations with the new thread expiry feature. This enhancement allows administrators and original thread owners to easily revoke access to entire encrypted email threads, ensuring tighter management of sensitive information.
Improved Message Threading - Helps external users stay informed and engaged with enhanced message threading that preserves context and organization. This improvement makes conversations more intuitive, reducing confusion and enhancing the overall user experience.
Extended Access to Encrypted Messages - Encrypted messages can now be accessed for up to 30 days (previously 14 days), providing users with greater flexibility and convenience to manage and access communications at their own pace.
4 December 2024
Important Announcement: Microsoft Add-in Permissions Update in January 2025
Microsoft is updating its add-in permissions process in January 2025, requiring PhishAlarm and Email Encryption Add-in users to take specific actions to maintain uninterrupted functionality. This update transitions from legacy Exchange tokens to Nested App Authentication (NAA), enhancing authentication and identity protection for Office 365 users.
Affected Products:
- PhishAlarm Add-in for Microsoft 365
- Email Encryption Add-in for Microsoft 365
(On-premise Exchange customers are unaffected.)
Required Actions for Admins:
For the PhishAlarm Add-in:
1. Log in to the Proofpoint Security Awareness (PESA) platform.
2. Navigate to: Security Awareness Platform > Alerting > Add-in Setup > Install.
3. Authenticate as a Global Administrator in Microsoft 365 and accept the necessary permissions.
For the Email Encryption Add-in:
1. Log in to your Microsoft 365 Admin Account.
2. Access the following URL: https://login.microsoftonline.com/organizations/adminconsent?client_id=215c2929-b469-432f-aa45-2e018f456e51
3. Grant permissions across your organization by following the instructions on the screen.
Additional Information:
For more details and a step-by-step guide, refer to the Nested App Authentication Update - Proofpoint Essentials Add-ins documentation here
3 December 2024
Available to all customers by December 5th, 2024 No actions are required to receive this update.
Improvements
New Report Available - Inbound Email Protection Breakdown - All Customers (US Region)
The latest report Inbound Email Protection Breakdown - All Customers offers a thorough summary of the different mechanisms and strategies utilized to detect harmful inbound emails. This report serves as an essential resource in fortifying your customers email. It provides a consolidated overview of incoming messages, highlighting those that are either blocked or delivered across all your customers.
The report showcases the proactive measures taken to block or clean suspicious emails before they reach the inbox, ensuring enhanced security and peace of mind.
To view the Report - Threat Reporting > Reports > Inbound Email Protection Breakdown (All Customers)
- A new field, Last Successful Sync, has been added to the Azure API endpoint. This field returns the timestamp of the most recent successful Azure user synchronization for the customer.
- Timezone label added to API Documentation.
Bug Fixes
- EasySpam Disclaimers are now correctly removed from outbound emails.
- Resolves an issue where some entities in the EU stack experienced dashboard loading issues on the first attempt, and export functionality was non-operational.
- Updates email logs to accurately display the admin who released the email, eliminating confusion caused by previously logging the user.
- Functional accounts will no longer be synced to Security Awareness.
- Fixes an issue where the "Download" button for quarantined emails in the User Logs was not functioning.
25 November 2024
Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.
Improvements:
Notification Customization
PhishAlarm prompts and end-user communications now offer a greater array of editing options. The new text editor tools to improve customization and branding. Includes the following:
- Images Hyperlinks
- Text editing
A new preview function now shows what users can expect to see when reporting an email before the changes are introduced to a wider audience.
19 November 2024
Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.
Improvements:
New phishing campaign templates added to Security Awareness in October 2024.
18 November 2024
Exciting Updates Coming To Email Encryption
We are excited to announce our new Email Encryption experience, designed to simplify and enhance secure communication. These updates offer increased flexibility, greater control, and an improved user experience.
Please note that messages sent before the transition to the new experience will remain accessible through the old interface. External recipients will still be able to view and respond to encrypted messages sent prior to the change using their existing login credentials. These messages will be accessible until they expire after 14 days.
Updates include:
Fresh Look and Feel - New styling updates ensure encryption aligns seamlessly with the Proofpoint Essentials user experience. The secure reader interface supports white-labeling and automatically inherits customer branding for a cohesive, customized look.
One-Time Encrypted Links - External recipients now have streamlined access to encrypted emails without needing to create an account or log in. This frictionless feature enhances the user experience, ensuring that secure communication remains as simple as possible.
Read Receipts - Stay informed with the new read receipts feature, providing senders with automatic notifications when their encrypted messages are opened.
Thread Expiry - Take greater control of encrypted conversations with the new thread expiry feature. This enhancement allows administrators and original thread owners to easily revoke access to entire encrypted email threads, ensuring tighter management of sensitive information.
Improved Message Threading - Helps external users stay informed and engaged with enhanced message threading that preserves context and organization. This improvement makes conversations more intuitive, reducing confusion and enhancing the overall user experience.
Extended Access to Encrypted Messages - Encrypted messages can now be accessed for up to 30 days (previously 14 days), providing users with greater flexibility and convenience to manage and access communications at their own pace.
To preview what’s coming, click here.
The rollout of our new Email Encryption experience will begin the week of Monday, December 9, 2024.
30 October 2024
Upcoming Proofpoint Essentials Security Awareness Platform Maintenance - All Regions:
We have several security and infrastructure updates to the Security Education Platform to perform. There are no features being release during this outage, only required upgrades that are needed to ensure security and continued operation of he platform. During the maintenance period, you may see intermittent impact to the security awareness admin console and training modules.
EU & US Environments
Saturday November, 9th from 10:00am UTC to 6:00pm UTC
28 October 2024
Available to all customers by October 31st, 2024 No actions are required to receive this update.
Improvements
New Feature: Domain Mail Relay Status
Easily check if a domain is set up and ready to receive emails! The Mail Relay Status shows when a domain is fully prepared for email relay, so you’ll know the exact moment it’s ready to start receiving messages. Also available via API.
Active - This relay domain is active and successfully processing emails. All emails routed through it are being relayed according to the configured settings.
Relay Activating - Activating a relay domain usually takes 30 minutes to an hour. During this period, the domain may not relay emails until the activation process is fully complete.
Relay Deactivating - Deactivating a relay domain typically takes 30 minutes to an hour to fully process. During this time, emails may continue to be relayed through the domain until deactivation is complete.
Relay Disabled - This relay domain is currently inactive, and emails routed through it are not being relayed.
Bug Fixes
- Fixes an issue where the API specification page did not display correctly due to a rendering error.
21 October 2024
Available to all customers by October 23rd, 2024 No actions are required to receive this update.
Improvements
- Updates the default package for customer creation to "Advanced+" (both API and UI).
- Enables the "Quarantine email suspected of being phish" spam setting for all customers and removes the ability to disable this spam setting feature.
Bug Fixes
- Fixes an issue where read-only admins would experience a blank email when using the preview email option.
- Fixes an issue with filter where if the email was formatted a specific way, it would bypass the filter check that should have been triggered.
- Fixes an issue where a Beginner+ customer would lose their ability to change their package where their Beginner+ privilege was removed.
- Fixes an issue where subject tags (e.g. external) were not being applied on sandbox release.
- Fixes an issue with Easyspam disclaimer causing certain emails to receive a malformed disclaimer.
- Fixes an issue where admins were unable to update Attachment Defense Safe Sender List.
- Fixes an issue in the Azure Sync Report where group name was not displaying in the delete section.
- Fixes an issue where filtering by "In Attachment Defense Sandboxing" on logs page would display in all categories.
18 October 2024
Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.
Improvements:
Scheduled Notifications
We’ve added a time and time zone selection to the Assignment Notification and Reminder Notification settings. This will provide admins with the ability to specify the time that notifications will be sent to their end-users within a given Training Assignment.
44 New Training Modules
We’re excited to announce the expansion of our training library modules. These new modules cover a wide range of security topics, offering users deeper insights into threats like phishing, social engineering, and ransomware. After completing this expanded training, users will have enhanced knowledge of emerging threats, better understand best security practices, and be more prepared to safeguard sensitive information.
What's New:
New Training Modules: We’ve expanding the Proofpoint Essentials Security Awareness program adding 44 new training modules.
New Module Type – Multi-Path Adventure: These modules provide an interactive, scenario-based experience, where users make decisions in real-world security situations and see the outcomes of their choices
| Name | Type | Runtime |
| 60 Seconds to Better Security: AI Chatbot Threats | Animated Video | 1 minute(s) |
| A Date to Forget | Multi-Path Adventure | 9 minute(s) |
| A Step Too Far | Multi-Path Adventure | 12 minute(s) |
| Abstract Data | Multi-Path Adventure | 9 minute(s) |
| An Education in Reporting | Multi-Path Adventure | 9 minute(s) |
| An Unexpected Call | Multi-Path Adventure | 12 minute(s) |
| An Urgent Request | Multi-Path Adventure | 9 minute(s) |
| Anti-Fraud and Bribery | Interactive | 12 minute(s) |
| Anti-Money Laundering | Interactive | 12 minute(s) |
| Avoiding Dangerous Attachments | Interactive | 8 minute(s) |
| Avoiding Dangerous Links | Interactive | 9 minute(s) |
| BEC Scams | Interactive | 12 minute(s) |
| Behind Closed Doors | Multi-Path Adventure | 12 minute(s) |
| Behind Your Back | Multi-Path Adventure | 12 minute(s) |
| Being Smart With Social Media | Animated Video | 2 minute(s) |
| Beyond Passwords | Interactive | 11 minute(s) |
| Data Entry Phishing | Interactive | 8 minute(s) |
| Deadline Demands | Multi-Path Adventure | 12 minute(s) |
| Device Disaster | Multi-Path Adventure | 9 minute(s) |
| Don't Bet On It | Multi-Path Adventure | 12 minute(s) |
| Double 'Oh... No' | Multi-Path Adventure | 12 minute(s) |
| Email Attack Methods: Business Email Compromise | Animated Video | 3 minute(s) |
| Email Attack Methods: Credential Compromise | Animated Video | 2 minute(s) |
| Email Protection Tools | Interactive | 15 minute(s) |
| Email Protection Tools | Interactive | 6 minute(s) |
| Email Security | Training Game | 20 minute(s) |
| Email Security on Mobile Devices | Interactive | 10 minute(s) |
| Fake It 'Til You Make It | Multi-Path Adventure | 12 minute(s) |
| Freedom of Information | Interactive | 12 minute(s) |
| GDPR: In Action | Interactive | 6 minute(s) |
| General Data Protection Regulation (GDPR): Overview | Interactive | 8 minute(s) |
| Hazards of Hacking | Interactive | 12 minute(s) |
| HIPAA Overview | Animated Video | 12 minute(s) |
| Holding Health to Ransom | Multi-Path Adventure | 10 minute(s) |
| Incident Reporting | Interactive | 12 minute(s) |
| Insider Threat Overview | Interactive | 12 minute(s) |
| Insider Threats | Interactive | 12 minute(s) |
| Internet Enabled Nightmare | Multi-Path Adventure | 12 minute(s) |
| Introduction to Phishing | Interactive | 19 minute(s) |
| Introduction to Phishing Emails and Websites | Interactive | 12 minute(s) |
| Malicious Insider Threat | Interactive | 9 minute(s) |
| Malware & Ransomware | Interactive | 12 minute(s) |
| Malware Attacks | Interactive | 10 minute(s) |
| Mobile Device Defence | Interactive | 12 minute(s) |
| Mobile Device Security | Live Action Video | 11 minute(s) |
| Mobile Device Security | Interactive | 22 minute(s) |
| Mobile Devices: Common Risks and Threats | Animated Video | 2 minute(s) |
| Mobile Devices: Physical Security Fundamentals | Animated Video | 2 minute(s) |
| Modern Slavery Act | Interactive | 12 minute(s) |
| Multi-Factor Authentication | Interactive | 6 minute(s) |
| Nerves of Steel | Multi-Path Adventure | 12 minute(s) |
| Password Management | Interactive | 13 minute(s) |
| Password Policy | Interactive | 7 minute(s) |
| PCI Disaster | Multi-Path Adventure | 9 minute(s) |
| PCI DSS | Interactive | 12 minute(s) |
| Perfect Your Password | Interactive | 12 minute(s) |
| Perfecting Passwords | Animated Video | 2 minute(s) |
| Personally Identifiable Information | Interactive | 12 minute(s) |
| Phish Finder: Spotting Warning Signs (Beginner) | Animated Video | 2 minute(s) |
| Physical Security | Interactive | 14 minute(s) |
| Physical Security | Interactive | 12 minute(s) |
| Physical Security Fundamentals | Animated Video | 2 minute(s) |
| PII Fundamentals | Interactive | 16 minute(s) |
| PII in Action | Interactive | 11 minute(s) |
| PII In Action | Animated Video | 10 minute(s) |
| Precursor to Phishing | Interactive | 5 minute(s) |
| Precursor to Phishing | Animated Video | 9 minute(s) |
| Privileged Access Awareness | Interactive | 12 minute(s) |
| Protecting Data | Interactive | 12 minute(s) |
| Public Data vs. Non-Public Data | Animated Video | 2 minute(s) |
| Remote Working: Recognizing the Risks | Animated Video | 2 minute(s) |
| Remote Working: Reducing the Risks | Animated Video | 2 minute(s) |
| Safe Social Networks | Interactive | 16 minute(s) |
| Safer Web Browsing | Interactive | 23 minute(s) |
| Secure Printing | Interactive | 12 minute(s) |
| Securing Data: Know Your Role | Animated Video | 2 minute(s) |
| Security Basics: Data Handling and Security | Animated Video | 2 minute(s) |
| Security Basics: Insider Threats | Animated Video | 2 minute(s) |
| Security Basics: Passwords and Authentication | Animated Video | 2 minute(s) |
| Security Basics: Physical Security and Remote Working | Animated Video | 2 minute(s) |
| Security Beyond the Office | Interactive | 15 minute(s) |
| Security Beyond The Office | Interactive | 12 minute(s) |
| Security Essentials | Interactive | 14 minute(s) |
| Security Essentials: Data Protection | Interactive | 3 minute(s) |
| Security Essentials: Introduction | Interactive | 1 minute(s) |
| Security Essentials: Physical Security | Interactive | 3 minute(s) |
| Security Essentials: Protecting Accounts, Devices, and Systems | Interactive | 4 minute(s) |
| Security Essentials: Secure Remote Working | Interactive | 3 minute(s) |
| Shielding Against Spear Phishing | Interactive | 12 minute(s) |
| Social Engineering | Interactive | 12 minute(s) |
| Social Engineering | Interactive | 19 minute(s) |
| Social Engineering: Many Methods, Many Motives | Animated Video | 2 minute(s) |
| Social Media Roller Coaster | Multi-Path Adventure | 12 minute(s) |
| Social Network Nightmare | Multi-Path Adventure | 9 minute(s) |
| Social Networking | Interactive | 12 minute(s) |
| Spear Phishing Threats | Interactive | 12 minute(s) |
| Spotting Invoice Scams | Interactive | 12 minute(s) |
| Surfing the World Wide Web | Interactive | 12 minute(s) |
| Swiped Right Into Trouble | Multi-Path Adventure | 12 minute(s) |
| TAKEOVER: BEC Scams | Multi-Path Adventure | 12 minute(s) |
| TAKEOVER: Digging For Data | Multi-Path Adventure | 12 minute(s) |
| The Problem With Public Wi-Fi | Animated Video | 2 minute(s) |
| Travel Security | Interactive | 8 minute(s) |
| Under Surveillance | Multi-Path Adventure | 12 minute(s) |
| Unintentional Insider Threat | Interactive | 10 minute(s) |
| URL Fundamentals | Interactive | 18 minute(s) |
| URL Fundamentals | Animated Video | 16 minute(s) |
| Web Browsing: Identifying Threats (Beginner) | Animated Video | 2 minute(s) |
| When Emotions Run High: USB Drives | Live Action Video | 2 minute(s) |
| Working From Home | Interactive | 12 minute(s) |
| Working From Home (COVID-19) | Interactive | 12 minute(s) |
| Workplace Security in Action | Interactive | 14 minute(s) |
7 October 2024
Available to Proofpoint Essentials Security Awareness customers now. No actions are required to receive this update.
Improvements:
New phishing campaign templates added to Security Awareness in July & August 2024.
1 October 2024
Available to all customers by October 4th, 2024 No actions are required to receive this update.
Improvements
- When a user attempts to perform a block action from a digest, the system will now use the "From" header address if no envelope sender exists.
- Email Warning Tag domain age threshold increased to 90 days (previous 30 days)
- API Terms added to API documentation.
The API has been expanded to accept multiple values in the 'stateprov' field.
Users can now input not only the standard two-letter state abbreviations (e.g., CA, TX, AZ) but also full state names (e.g., "California," "Texas," "Arizona").
Additionally, a combination of both formats is supported, using a hyphen (e.g., "CA - California").
Bug Fixes
- Fixes an issue where the Puerto Rico and St Thomas time zones had an incorrect definition.
- Resolves an issue with Email warning tags where paragraphs were being set to one line per paragraph in some instances.
- Corrects filter action behaviour. If an outbound filter generated a notification for a quarantined email, then the general alert would not be sent.
16 September 2024
Available to all customers by September 19th, 2024 No actions are required to receive this update.