Fraud Protection Release Notes
Dear Microsoft DFP Customer,
We are excited to share with you several new features/capabilities we have recently added this July to D365 Fraud Protection:
Device anomalous attributes
Assessment Reports
Warm up calls in External Call
New attributes for Purchase Protection
Check references
Updates to Agent Name field for Case Management
All the product features above are available in your DFP environment today, and further details about each are below.
If you have questions regarding any of the updates provided, please don’t hesitate to ask. Your feedback is extremely valuable to us, and we really appreciate your ongoing support and collaboration as we continue to improve the product!
Best Regards,
D365 Fraud Protection Team
———–
We’ve added some additional attributes in the Device Fingerprinting Assessment template to help identify anomalous sessions. The new attributes help detect anomalies both within and across sessions. For cross session data, the sessions are grouped together using the cookie id. New attributes are listed below and their descriptions are available in our documentation.
i. Screen resolution anomaly
ii. Session anomaly
iii. User agent browser anomaly
iv. User agent language anomaly
v. Time zone mismatch
vi. OS mismatch
vii. Session count
viii. IP address history
Note: These attributes are only available for Assessments created using Device Fingerprinting template.
We’ve also added an additional device attribute function called Device.GetSpeedOfTravel(), which returns the maximum travel speed of a device in miles per hour. The maximum speed is determined by looking at the last five consecutive fingerprinting sessions, calculating the speed of the device from session to session, and returning the maximum. The device is identified over sessions using the cookie id. More details about this function can be found here.
Enhanced Assessment Reports & Updates: We’re excited to announce that Virtual Fraud Analyst (VFA) reports are now available for our Assessment customers, allowing these customers to get valuable insights previously available only for Purchase Protection and Account Protection. Additionally, Assessment customers can now tailor the data filters to segment the data according to their needs, configure the observation events attributes to view distributions, and aggregate figures by selecting different amount attributes.
Report Relocation & Renaming: Based on feedback, we’ve relocated these reports to the assessment level and renamed them for clarity and ease of use:
i. Virtual fraud analyst is now Reporting
ii. Summary is now Summary report
iii. Rule analyst is now Rule report
iv. Score analyst is now Score report
v. Threat analyst is now Threat report
Updates to Role permissions based on feedback:
Manual Review Fraud Manager (for non-PSP customers): This role has been updated to include access to all the reports, ensuring comprehensive oversight
Reporting (for PSP customers): This role has been updated to include access to both reports and monitoring dashboards
Warm up calls in External Call
If the traffic to your External call endpoint is too low, the connection can go cold and can increase the latency of response from the external service. To mitigate this, you can now choose to enable warm-up calls from the external call setup page. To enable warm-up calls, you will be required to provide a valid keep-alive URL. If you opt in to this functionality, whenever your traffic volume dips too low DFP will automatically make anonymous warmup calls to the keep-alive endpoint using GET method only. No parameters, configurations, or configurable headers can be used in warm-up calls.
New attributes for Purchase Protection
We are adding the following new fields to the Purchase Protection and Assessments schemas in this release:
Attribute Name
Schema Section
Data Type
daysSinceEmailFirstSeen
user
Int
departureDistanceFromBillingAddress
travelOverview
Int
latitude
address
Double
longitude
address
Double
phoneAddressMatchStatus
paymentInstrumentList/paymentInstruments
String
These fields will be added to the Account Creation and Account Login schemas in an upcoming release.
Check references
We’ve made it easy to validate if a resource (such as velocity, external call, custom list, etc.) is being referenced elsewhere in DFP. With the new ‘Check references’ feature, you can quickly and efficiently do any of the following checks:
If a custom list is referenced in decision rule, post decision action, velocity set, or function
If a velocity set is referenced in decision rule, post decision action, or function
If an external call is referenced in decision rule, post decision action, velocity set, or function
If an external assessment is referenced in a decision rule, post decision action, velocity set, or function
If a case management queue is referenced in a routing rule
You can click the ellipsis and find ‘Check references’
Example: If a velocity is referenced in a rule, or functions, it will be shown in the pop up.
Updates to Agent Name field for Case Management
To comply with Privacy requirements, going forward, Fraud Protection would not store Friendly Name of Agents who make decisions on cases using Case Management. We would only store the user Id and the conversion to name would be done at run time using Microsoft Entra Active Directory. Searching for cases decisioned by a specific agent or reviewing Case Management reporting would still be possible, with a few changes in the user experience described below
The filter attribute “Agent name” in Search has been renamed to “Agent name (deprecated)”. This attribute can be used to search for cases decisioned before July 29th 2024 but it would be blank for cases decisioned after this date to comply with the Privacy requirement. Just as before, to search using this attribute, provide the full name of the agent in the value field (e.g. first filter in the screenshot below)
A new filter attribute “Agent name (new)” has been added to Search to replace old field (Agent name). This new attribute can be used to search cases decisioned after July 29th 2024. This filter also supports autosuggest so you need not type the full name, once you type a few characters of the desired agent name, autosuggest results should help you pick the right agent from a list of all users in the Microsoft Entra Active Directory matching the characters you typed. You can use an ‘Or’ query (see screenshot below) to search for cases that were decisioned before and after July 29, 2024
Note: After August 29, 2025, any data with “Agent name (deprecated)” field populated would have aged out because of the 13-month data retention policy for Fraud Protection Search. At that point, the “Agent name (deprecated)” filter would be removed to avoid confusion, as all the data in Search would be searchable via the new field.
Case Management Report has been modified as well. The filter for “Agent name” now includes autosuggest experience. Just like before, multiple selections are allowed and you can easily include or exclude cases auto-decisioned by the System (due to queue timeout).
Dear Microsoft DFP Customer,
We are excited to share with you several new features/capabilities we have recently added this July to D365 Fraud Protection:
Device anomalous attributes
Assessment Reports
Warm up calls in External Call
New attributes for Purchase Protection
Check references
Updates to Agent Name field for Case Management
All the product features above are available in your DFP environment today, and further details about each are below.
If you have questions regarding any of the updates provided, please don’t hesitate to ask. Your feedback is extremely valuable to us, and we really appreciate your ongoing support and collaboration as we continue to improve the product!
Best Regards,
D365 Fraud Protection Team
———–
Device anomalous attributes
We’ve added some additional attributes in the Device Fingerprinting Assessment template to help identify anomalous sessions. The new attributes help detect anomalies both within and across sessions. For cross session data, the sessions are grouped together using the cookie id. New attributes are listed below and their descriptions are available in our documentation.
i. Screen resolution anomaly
ii. Session anomaly
iii. User agent browser anomaly
iv. User agent language anomaly
v. Time zone mismatch
vi. OS mismatch
vii. Session count
viii. IP address history
Note: These attributes are only available for Assessments created using Device Fingerprinting template.
We’ve also added an additional device attribute function called Device.GetSpeedOfTravel(), which returns the maximum travel speed of a device in miles per hour. The maximum speed is determined by looking at the last five consecutive fingerprinting sessions, calculating the speed of the device from session to session, and returning the maximum. The device is identified over sessions using the cookie id. More details about this function can be found here.
Assessment Reports
Enhanced Assessment Reports & Updates: We’re excited to announce that Virtual Fraud Analyst (VFA) reports are now available for our Assessment customers, allowing these customers to get valuable insights previously available only for Purchase Protection and Account Protection. Additionally, Assessment customers can now tailor the data filters to segment the data according to their needs, configure the observation events attributes to view distributions, and aggregate figures by selecting different amount attributes.
Report Relocation & Renaming: Based on feedback, we’ve relocated these reports to the assessment level and renamed them for clarity and ease of use:
i. Virtual fraud analyst is now Reporting
ii. Summary is now Summary report
iii. Rule analyst is now Rule report
iv. Score analyst is now Score report
v. Threat analyst is now Threat report
Updates to Role permissions based on feedback:
Manual Review Fraud Manager (for non-PSP customers): This role has been updated to include access to all the reports, ensuring comprehensive oversight
Reporting (for PSP customers): This role has been updated to include access to both reports and monitoring dashboards
Warm up calls in External Call
If the traffic to your External call endpoint is too low, the connection can go cold and can increase the latency of response from the external service. To mitigate this, you can now choose to enable warm-up calls from the external call setup page. To enable warm-up calls, you will be required to provide a valid keep-alive URL. If you opt in to this functionality, whenever your traffic volume dips too low DFP will automatically make anonymous warmup calls to the keep-alive endpoint using GET method only. No parameters, configurations, or configurable headers can be used in warm-up calls.
New attributes for Purchase Protection
We are adding the following new fields to the Purchase Protection and Assessments schemas in this release:
Attribute Name
Schema Section
Data Type
daysSinceEmailFirstSeen
user
Int
departureDistanceFromBillingAddress
travelOverview
Int
latitude
address
Double
longitude
address
Double
phoneAddressMatchStatus
paymentInstrumentList/paymentInstruments
String
These fields will be added to the Account Creation and Account Login schemas in an upcoming release.
Check references
We’ve made it easy to validate if a resource (such as velocity, external call, custom list, etc.) is being referenced elsewhere in DFP. With the new ‘Check references’ feature, you can quickly and efficiently do any of the following checks:
If a custom list is referenced in decision rule, post decision action, velocity set, or function
If a velocity set is referenced in decision rule, post decision action, or function
If an external call is referenced in decision rule, post decision action, velocity set, or function
If an external assessment is referenced in a decision rule, post decision action, velocity set, or function
If a case management queue is referenced in a routing rule
You can click the ellipsis and find ‘Check references’
Example: If a velocity is referenced in a rule, or functions, it will be shown in the pop up.
Updates to Agent Name field for Case Management
To comply with Privacy requirements, going forward, Fraud Protection would not store Friendly Name of Agents who make decisions on cases using Case Management. We would only store the user Id and the conversion to name would be done at run time using Microsoft Entra Active Directory. Searching for cases decisioned by a specific agent or reviewing Case Management reporting would still be possible, with a few changes in the user experience described below
The filter attribute “Agent name” in Search has been renamed to “Agent name (deprecated)”. This attribute can be used to search for cases decisioned before July 29th 2024 but it would be blank for cases decisioned after this date to comply with the Privacy requirement. Just as before, to search using this attribute, provide the full name of the agent in the value field (e.g. first filter in the screenshot below)
A new filter attribute “Agent name (new)” has been added to Search to replace old field (Agent name). This new attribute can be used to search cases decisioned after July 29th 2024. This filter also supports autosuggest so you need not type the full name, once you type a few characters of the desired agent name, autosuggest results should help you pick the right agent from a list of all users in the Microsoft Entra Active Directory matching the characters you typed. You can use an ‘Or’ query (see screenshot below) to search for cases that were decisioned before and after July 29, 2024
Note: After August 29, 2025, any data with “Agent name (deprecated)” field populated would have aged out because of the 13-month data retention policy for Fraud Protection Search. At that point, the “Agent name (deprecated)” filter would be removed to avoid confusion, as all the data in Search would be searchable via the new field.
Case Management Report has been modified as well. The filter for “Agent name” now includes autosuggest experience. Just like before, multiple selections are allowed and you can easily include or exclude cases auto-decisioned by the System (due to queue timeout).
@TrevorRusher
Read More
