Advanced phishing thresholds in anti-phishing policies

Jay son 1 Reputation point
2022-12-15T03:23:10.173+00:00

Hi

Looking to understand how the Advanced phishing thresholds in anti-phishing policies relate to the Anti-Spam policy actions related to Phishing and High confidence phishing.

The current situation:

  • We have Defender for Office 365 licensing
  • We currently have an Anti-Spam policy with the following actions: (screenshot: 270715-image.png)

There is little documentation on the phishing thresholds. Documentation does explain that "The following advanced phishing thresholds are only available in anti-phishing policies in Defender for Office 365. These thresholds control the sensitivity for applying machine learning models to messages to determine a phishing verdict:"

However, details on the thresholds themselves seem to indicate that it relates to how an email is handled post determination, as opposed to the determination of a verdict to begin with. E.g.: "2 - Aggressive: Messages that are identified as phishing with a high degree of confidence are treated as if they were identified with a very high degree of confidence."

Firstly, which is true?

Secondly, if the answer includes the latter, how does this interact with the Anti-Spam policy set to quarantine email marked as phishing? Isn't all identified phishing email sent to quarantine anyway? This hints back to the idea that the Anti-Phishing threshold policy relates more to the machine learning side of things than how it handles email; however, it's very ambiguous!

Thank you to anyone willing to tackle my convoluted question :)


2 answers

  1. Limitless Technology 44,776 Reputation points
    2022-12-15T13:08:00.43+00:00

    Hi,

    Thank you for posting your query.

    Kindly follow the steps provided below to resolve your issue.

    Policies to configure anti-phishing protection settings are available in Microsoft 365 organizations with Exchange Online mailboxes, standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, and Microsoft Defender for Office 365 organizations.

    Go to this link for your reference and other troubleshooting procedures https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-about

    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-mdo-configure

    Do not hesitate to message us if you need further assistance.

    If the answer is helpful kindly click "Accept as Answer" and up vote it.


  2. Aholic Liang-MSFT 13,891 Reputation points Microsoft External Staff
    2022-12-16T10:18:13.867+00:00

    Hi @Jay son ,

    Yes, in my opinion, this is also more relevant to the machine learning models.
    It determines the machine learning models' sensitivity to recognize whether an email is phishing or not.

    The most aggressive settings may not always be your best choice, as your important emails are more likely to be flagged as malicious. You may need to experiment with these settings to get the best results for your organization.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
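
The two settings discussed in this thread live in different policy types. The following added example (not part of the original thread or of Microsoft's documentation) lists them side by side: the threshold from anti-phishing policies and the phishing actions from anti-spam policies. The sample policies are constructed; the property names are those returned by `Get-AntiPhishPolicy` and `Get-HostedContentFilterPolicy`, and `Get-PhishHandlingReport` is a hypothetical helper name.

```powershell
# Added example; sample objects are constructed. With a live tenant, after
# Connect-ExchangeOnline, use instead:
#   $antiPhish = Get-AntiPhishPolicy
#   $antiSpam  = Get-HostedContentFilterPolicy
$antiPhish = @(
    [pscustomobject]@{ Name = 'Default anti-phish (constructed)'; PhishThresholdLevel = 1 }
    [pscustomobject]@{ Name = 'Finance anti-phish (constructed)'; PhishThresholdLevel = 3 }
)
$antiSpam = @(
    [pscustomobject]@{ Name = 'Default anti-spam (constructed)'
                       PhishSpamAction = 'Quarantine'; HighConfidencePhishAction = 'Quarantine' }
    [pscustomobject]@{ Name = 'Legacy anti-spam (constructed)'
                       PhishSpamAction = 'MoveToJmf'; HighConfidencePhishAction = 'Quarantine' }
)

# Hypothetical helper: one row per setting, grouped by the layer it controls.
function Get-PhishHandlingReport {
    param([object[]]$AntiPhishPolicy, [object[]]$AntiSpamPolicy)

    # Threshold names as listed in the anti-phishing policy documentation.
    $levelName = @{ 1 = 'Standard'; 2 = 'Aggressive'; 3 = 'More aggressive'; 4 = 'Most aggressive' }
    # Actions that still deliver the message to a mailbox folder.
    $delivers = 'MoveToJmf', 'AddXHeader', 'ModifySubject', 'NoAction'

    foreach ($p in $AntiPhishPolicy) {
        $level = [int]$p.PhishThresholdLevel
        [pscustomobject]@{
            Layer = 'Verdict sensitivity'; Policy = $p.Name; Setting = 'PhishThresholdLevel'
            Value = "$level - $($levelName[$level])"; DeliversToMailbox = $null
        }
    }
    foreach ($s in $AntiSpamPolicy) {
        foreach ($setting in 'PhishSpamAction', 'HighConfidencePhishAction') {
            # Compare as strings so enum-typed and deserialized values behave alike.
            [pscustomobject]@{
                Layer = 'Action on verdict'; Policy = $s.Name; Setting = $setting
                Value = "$($s.$setting)"; DeliversToMailbox = ("$($s.$setting)" -in $delivers)
            }
        }
    }
}

Get-PhishHandlingReport -AntiPhishPolicy $antiPhish -AntiSpamPolicy $antiSpam |
    Format-Table -AutoSize
```

Rows where `DeliversToMailbox` is `True` are the ones to review before raising the threshold, since more messages will receive a phishing verdict and follow that action.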

