Skip to main content

Ensure that an anti-phishing policy has been created

Remediation Considerations

MaxScoreImplementationCostUserImpact
3UnknownUnknown

Remediation Impact

Turning on Anti-Phishing should not cause an impact, messages will be displayed when applicable

Remediation

Note: Audit and Remediation guidance may focus on the Default policy however, if a
Custom Policy exists in the organization's tenant then ensure the setting is set as
outlined in the highest priority policy listed.

To set the anti-phishing policy -

  1. Navigate toMicrosoft 365 Defender https://security.microsoft.com.
  2. Click to expand Email & collaboration select Policies & rules
  3. Select Threat policies.
  4. Under Policies select Anti-phishing.
  5. Select the Office365 AntiPhish Default (Default) policy and click Edit
    protection settings.
  6. Set the Phishing email threshold to at least 2 - Aggressive.
    1. Under Impersonation
      • Check Enable mailbox intelligence (Recommended).
      • Check Enable Intelligence for impersonation protection (Recommended).
    2. Under Spoof
      • Check Enable spoof intelligence (Recommended).
  7. Click Save.

To create an anti-phishing policy using PowerShell:

  1. Connect to Exchange Online service using Connect-ExchangeOnline.
  2. Run the following Exchange Online PowerShell command:

New-AntiPhishPolicy -Name "Office365 AntiPhish Policy"