Previous

Next

Manage phishing protection

Completed

Phishing attacks attempt to steal sensitive information through emails, websites, text messages, or other forms of electronic communication that often look to be official communication from legitimate companies or individuals. Phishing and email spoofing work together, where spoofing is the term used for the creation of email messages with a forged sender address. The idea is to convince the recipient the email was sent by somebody else.

Anti-phishing policies provide extra protection against impersonation and phishing attacks, above and beyond the anti-spoofing solutions covered in the previous unit. Anti-phishing protection was originally available only for Microsoft Defender, but it's now available for all EOP users.

Anti-phishing policies are managed in the Microsoft Defender portal. The default policy applies to all users within the organization and is a single view where you can fine-tune anti-phishing protection. Custom policies can be created and configured for specific users, groups, or domains within the organization and will take precedence over the default policy for the scoped users.

As you set up or edit your anti-phishing policies, you can choose from several options, as described in the following table.

This setting:

Does this action:

Use when you want to:

Applied to

Define the recipients whose incoming email messages will be subject to the rules of the policy. You can create conditions and exceptions for the recipients associated with the policy.

For example, you can create a global policy for your organization by applying the rule to all recipients in your domain.

You can also create exception rules, such as a rule that doesn't scan email messages for a specific group of recipients.

Each policy must be associated with a set of users; for example, users in a group or domain.

Choose actions

Choose the action to take when Microsoft 365 detects an intra-organization or external-organization spoofing attempt against your users. These actions apply to any incoming email that has been identified by Microsoft 365 as a spoofing attempt for users who are under the protection of this anti-phishing policy. The actions include:

• Quarantine message. Email will be sent to Microsoft 365 quarantine. When you choose this option, the email isn't sent to the original recipient.
• Move message to the recipients' Junk email folder. Email will be sent to the recipients' Junk email folder. When you choose this option, the email is still sent to the original recipient, but it's not placed in the recipient's inbox.
• Don't apply any action. Email will be delivered to the original recipient's inbox. No other action will be taken on the email message.

Take an action on messages that Microsoft 365 has determined to be a spoofing attempt of internal or external domains as defined in the policy.

Knowledge check

Choose the best response for the following question. Then select “Check your answers.”

Check your knowledge

1.

As the Messaging administrator for Lucerne Publishing, Patti Fernandez wants to implement an anti-phishing policy that applies to all users in the organization. What's the easiest way for Patti to implement such a policy?

Configure the Sender Policy Framework

Create a custom anti-phishing policy in the Microsoft Defender portal and configure it for all users in the company

Configure the default anti-phishing policy in the Microsoft Defender portal to meet the company's needs

You must answer all questions before checking your work.

Continue