Phishing is a type of cyberattack delivered through email, and it is the most common type of cyberattack. These emails appear to come from a legitimate, trustworthy source, but the sender is actually trying to steal sensitive information. Microsoft 365 users can use features like Exchange Online Protection (EOP) to help prevent and identify phishing attacks.

Office 365 Anti-Phishing Policy Best Practices

EOP has several features to protect your company from phishing attacks.

1. Spoof Intelligence

EOP detects spoofed senders from internal and external domains in your email. You can manually review these senders and block or allow them. An Office 365 anti-phishing whitelist allows you to add trusted senders and domains to your threat policies. This practice prevents emails from your coworkers from getting marked as spam.

2. Anti-Phishing Policies in EOP

Anti-phishing policies specify the actions Microsoft 365 takes for spoofed senders. You can bypass anti-phishing in Office 365 and change other settings like spoof intelligence and unauthenticated sender identification.

You can configure your Office 365 anti-phishing policies in PowerShell. Create the policy first, then create the anti-phish rule, which specifies the policy it belongs to.
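One way to carry out these two steps in Exchange Online PowerShell, as an added example that is not from the original article. The admin account, the policy and rule names and the recipient domain are placeholders, and the script assumes the ExchangeOnlineManagement module is installed. If the policy already exists, it only reports spoof settings that differ from the intended values.

```powershell
# Added example: placeholder names throughout, replace with your own values.
$AdminUpn   = 'admin@contoso.example'        # placeholder admin account
$PolicyName = 'Example Anti-Phish Policy'    # placeholder policy name
$RuleName   = 'Example Anti-Phish Rule'      # placeholder rule name
$Domains    = @('contoso.example')           # placeholder accepted domain

# Spoof settings this page describes, kept in one table so the same values
# are used both to create the policy and to check an existing one.
$SpoofSettings = @{
    EnableSpoofIntelligence     = $true         # spoof intelligence on
    AuthenticationFailAction    = 'Quarantine'  # action for spoofed senders
    EnableUnauthenticatedSender = $true         # question mark on sender photo
    EnableViaTag                = $true         # via tag in the From box
}

Connect-ExchangeOnline -UserPrincipalName $AdminUpn

# Step 1: create the policy unless one with this name already exists.
$policy = Get-AntiPhishPolicy | Where-Object Name -eq $PolicyName
if (-not $policy) {
    New-AntiPhishPolicy -Name $PolicyName @SpoofSettings | Out-Null
    $policy = Get-AntiPhishPolicy -Identity $PolicyName
}

# Step 2: create the rule that ties the policy to its recipients.
$rule = Get-AntiPhishRule | Where-Object Name -eq $RuleName
if (-not $rule) {
    New-AntiPhishRule -Name $RuleName -AntiPhishPolicy $PolicyName `
        -RecipientDomainIs $Domains | Out-Null
}

# Check: warn about any spoof setting that is not at the intended value.
foreach ($key in $SpoofSettings.Keys) {
    $actual = "$($policy.$key)"
    $wanted = "$($SpoofSettings[$key])"
    if ($actual -ne $wanted) {
        Write-Warning "$PolicyName : $key is '$actual', expected '$wanted'"
    }
}

# Show the rule's state and the policy it points at.
Get-AntiPhishRule -Identity $RuleName |
    Format-List Name, State, Priority, AntiPhishPolicy, RecipientDomainIs

Disconnect-ExchangeOnline -Confirm:$false
```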

3. Unauthenticated Sender

The spoof settings in EOP include unauthenticated sender notifications. These notifications put a question mark on the sender’s photo in the From box if the message fails all these tests:

  • DomainKeys Identified Mail (DKIM) checks
  • Sender Policy Framework (SPF) checks
  • Composite authentication
  • Domain-based Message Authentication, Reporting and Conformance (DMARC)

The unauthenticated sender setting also adds a via tag in the “From” box when the domain in the sender’s address doesn’t match the domain in the DKIM signature.

4. Block or Allow Spoofed Senders in Your Tenant Allow/Block List

The spoof intelligence feature of EOP makes verdicts about suspicious emails based on the policy. You can override these decisions, so a spoofed sender will appear as a manual allow or block entry in the Spoof tab of your Tenant Allow/Block List. Besides overriding, you may create spoof sender allow or block entries before spoof intelligence detects them.

5. Forged Email Authentication

EOP improves the standard email authentication rules for SPF, DKIM, DMARC, and other inbound email types. These enhancements include advanced methods to identify forged senders, like:

  • Recipient history.
  • Sender history.
  • Behavioral analysis.
  • Sender reputation.

Get Phishing Protection from Agio

Be prepared for any phishing attack your company receives with our phishing protection cybersecurity service. Our solution uses artificial intelligence (AI) to protect your Office 365 users from threats. Contact us to learn more today.