IP filtering is a valuable factor for security. I know which IPs belong to my organisation and these can be a useful factor in allowing access.
I've written rules which say that access should only be allowed when the client has both password and MFA and comes from a known IP address.
Why shouldn't I do that?
And there are systems which only support single-factor (password) authentication so I've configured IP filtering as a second factor. I'd love them to have more options but pragmatically this works.
Thanks. That wasn't clear from the Mail article above.
But the Times article also says:
> A spokeswoman for Leicestershire police said crimes under Section 127 and Section 1 include “any form of communication” such as phone calls, letters, emails and hoax calls to emergency services.
So I think the categorisation is a mess, and probably not even consistent across forces
And Microsoft own the client, so they are the one company who don't need to do this!
If you really want to check every time someone clicks on a link then you can do this in the client and keep the visible link the same for the end user.
But instead there are different teams working on this in Outlook, Teams, Exchange, Defender and god knows where else.
(I'm one of the people in corporate IT trying to turn this off and often struggling)