General
Office 365 has built-in features to protect users against phishing attacks. Setting up anti-phishing policies enhances this protection, for example by refining the settings that govern detection and prevention of deception and spoofing. The default policy applies to all users in the organization and is the single place to refine anti-phishing protection for everyone. Additional policies can be created for specific users, groups, or domains within the organization; these take precedence over the default policy for those users.
Rationale
Protects users against phishing attacks (such as deception and spoofing) and uses safety tips to warn users about potentially harmful messages.
Attic Fix
No fix is available for this check. Follow the advice by performing the manual instructions.
Manual Instruction
Perform these steps to adjust the setting:
- Navigate to Microsoft 365 Defender at https://security.microsoft.com
- Expand Email & Collaboration and select Policies & Rules
- Select Threat policies
- Under Policies, select Anti-Phishing
- Select the Office365 AntiPhish Default (Default) policy and click Edit protection settings
- Set the Phishing email threshold to at least 2 - Aggressive
Under Impersonation
- Turn ON: Enable mailbox intelligence (Recommended)
- Turn ON: Enable Intelligence for impersonation protection (Recommended)
Under Spoof
- Turn ON: Enable spoof intelligence (Recommended)
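To confirm the result of the steps above from the shell, the following added example (not part of the original instructions or the vendor's tooling) audits a policy object against the four settings. It assumes the Exchange Online PowerShell cmdlet Get-AntiPhishPolicy; the mapping of portal labels to property names is this example's assumption, and the sample object is constructed.

```powershell
# Added example: audit an anti-phishing policy against the settings listed above.
function Test-AntiPhishBaseline {
    param([Parameter(Mandatory)] $Policy)   # object returned by Get-AntiPhishPolicy

    # Portal label -> cmdlet property (mapping assumed by this example)
    $switches = [ordered]@{
        'Enable mailbox intelligence'                      = 'EnableMailboxIntelligence'
        'Enable Intelligence for impersonation protection' = 'EnableMailboxIntelligenceProtection'
        'Enable spoof intelligence'                        = 'EnableSpoofIntelligence'
    }

    # PhishThresholdLevel: 1 Standard, 2 Aggressive, 3 More aggressive, 4 Most aggressive
    $level = [int]$Policy.PhishThresholdLevel
    [pscustomobject]@{
        Setting  = 'Phishing email threshold'
        Property = 'PhishThresholdLevel'
        Actual   = $level
        Expected = '>= 2'
        Pass     = ($level -ge 2)
    }

    foreach ($label in $switches.Keys) {
        $prop  = $switches[$label]
        $value = $Policy.$prop          # a missing property yields $null and fails the check
        [pscustomobject]@{
            Setting  = $label
            Property = $prop
            Actual   = $value
            Expected = $true
            Pass     = ($value -eq $true)
        }
    }
}

# Constructed sample policy object so the check can be tried offline.
$sample = [pscustomobject]@{
    Name                                = 'Office365 AntiPhish Default'
    PhishThresholdLevel                 = 1
    EnableMailboxIntelligence           = $true
    EnableMailboxIntelligenceProtection = $false
    EnableSpoofIntelligence             = $true
}
Test-AntiPhishBaseline -Policy $sample | Format-Table -AutoSize

# Against a live tenant (after Connect-ExchangeOnline):
# Test-AntiPhishBaseline -Policy (Get-AntiPhishPolicy -Identity 'Office365 AntiPhish Default')
```

Any row with Pass = False names the setting to revisit in the portal.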
Impact
This change has the following impact on users and administrators:
CIS Mapping
- CIS Item: 4.6 (L1) Ensure that an anti-phishing policy has been created
- Profile: E5 Level 1