Email Security/Exchange Online - Ensure That an Anti-Phishing Policy Has Been Created

 






Summary

Office 365 generally includes all the built-in features that can help in protecting the users from phishing attacks, by default. However, Anti-Phishing Policies can also be set up in order to increase the protection level, for example, by refining settings to better detect as well as prevent impersonation and spoofing attacks. The default policy will apply to all users within an organization, and is a single view where you can fine-tune anti-phishing protection. Custom policies can be created and configured for specific users, groups or domains within the organization and will take precedence over the default policy for the scoped users.

Reason

This policy can protect the users from phishing attacks (like impersonation and spoofing), while also using safety tips simultaneously, to warn the users about the potentiality of harmful messages.

What If?

Turning on Anti-Phishing policy, does not cause any impact, the messages can be displayed when applicable.

How to?

To set the Anti-Phishing policy, use the Microsoft 365 Admin Center:
  1. Select Security in order to open the Microsoft 365 Defender portal. 
  2. Under E-mail & Collaboration navigate to Policies & rules > Threat policies.
  3. Now, pick Anti-phishing.
  4. Click Create to make an anti-phishing policy.

To create an Anti-Phishing policy, use the Exchange Online PowerShell Module:
  1. Connect to Exchange Online using Connect-ExchangeOnline.
  2. Now, run the following Exchange Online PowerShell command: 
  3. New-AntiPhishPolicy -Name "Office365 AntiPhish Policy"

Monitor:

To review the Anti-Phishing policy, use the Microsoft 365 Admin Center:
  1. Select Security in order to open the Security portal.
  2. Under E-mail & Collaboration navigate to Policies & rules > Threat policies.
  3. Now, pick Anti-phishing.
  4. After that, verify the Office365 AntiPhish Default (Default) policy exists.

To verify Anti-Phishing policy, use the Exchange Online PowerShell Module:
  1. Connect to Exchange Online using Connect-ExchangeOnline.
  2. Now, run the following Exchange Online PowerShell command: 
  3. Get-AntiPhishPolicy | ft Name.

      3. Verify Office365 AntiPhish Default  policy exists.




























































Comments

Popular posts from this blog

Deployment (Part 3)

Deployment (Part 1)

Design Planning (Part 3)