Microsoft Viva: Custom font and theme support for Viva Amplify

🚨 The Signal: Viva Amplify now supports custom fonts and themes from Brand Center. This change allows communicators to align campaigns with brand identity, potentially increasing phishing realism if not properly governed.

The Impact

Security teams face increased risk of sophisticated phishing attacks leveraging legitimate branding.

• Security Teams: Increased risk of brand impersonation in phishing.
• End Users: Higher likelihood of falling for convincing, branded phishing emails.
• Admins: Need to enforce strict controls over Brand Center access and content.
• Compliance Teams: New challenge in demonstrating protection against brand abuse.

The Action

1. Review and restrict who can publish custom fonts and themes to Brand Center.
2. Implement strict approval workflows for all Brand Center content.
3. Enhance security awareness training to include branded phishing examples.
4. Monitor for suspicious activity related to Viva Amplify campaign creation and distribution.
5. Consider implementing email gateway rules to flag emails with specific Viva Amplify characteristics if not from trusted sources.

Domain: Other · Impact: medium · Workload: Other