Hi anonymous user,
For environment using Exchange Online, by default some built-in features are included to help protect your users from phishing attacks.
As currently your users are still getting phishing emails, you can try to set up additional customized anti-phishing polices via the Anti-phishing page(https://security.microsoft.com/antiphishing) to increase this protection:
For more information about Anti-phishing policies, you may refer to Anti-phishing policies in Microsoft 365. And here's another document about the Anti-phishing protection fetures in Microsoft 365: Anti-phishing protection in Microsoft 365.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.