MicrosoftRelated to what others and Jarrad_McMullen have been pointing at, I will add that the Anti-Phishing policies' quarantine notification policy assignment capability appears like confusing overlap with the Phish/High Confidence Phil actions in an Inbound Spam policy.
In an Anti-Phishing policy (e.g. "Office365 AntiPhish Default (Default)"), what category do these actions line up with (Phish, High Confidence Phish, something else?)?:
If the message is detected as an impersonated user: _____________________??
If the message is detected as an impersonated domain:___________________??
If Mailbox Intelligence detects an impersonated user:_____________________??
If the message is detected as spoofed:_____________________________________??
Each one of those has the ability to use the Quarantine action, and then assign a quarantine policy. But then, we have no way to know what category this is going to show up to users as. If it's "Phish", they should be able to see it; if it's "High Confidence Phish", they shouldn't be able to see it, and if it's something else, well what then?
