Forum Discussion
Mohan Seenippandian
Feb 13, 2018Brass Contributor
Default Anti-phishing with Office 365 ATP for all users ?
We are configuring the Anti-Phishing Policy in Security & Compliance Center . There is an option to "Add users to protect". Understand we could use this option to target VIP users. But if we need to target this policy to all users in the tenant (i.e. Default policy), can we leave ""Add users to protect"" option empty and configure "Add domains to protect" option and "Applied to" option to include all our domains. ? Would that apply Anti-Phishing protection to all our users and domains ? Otherwise we will require multiple policies to cover all users and there 30K mailboxes in the cloud.
Thanks.
Hello Mohan,
The new Anti-Phishing policy is about:
1. Protecting your accepting domains from look-alikes and impersonation attacks
2. Protecting your targeted high profile users from impersonation and look alike attacks.
So in users to Protect, you should specify, you should specify the users/their email addresses that you want to do a impersonation check on
In domains to protect, we already include your accepting domains by default, but you can add other partner domains as well.
Finally, you can configure your action to TIP ( we recommend starting with a tip) and then graduate to junking/quarantine.
You can apply this policy to everyone in your organization.
So for example, you can create a policy that checks against look-alike attacks against your CEO's name and assign that policy to all users in your org (though applied to setting).
Hope this helps.
Thanks,
Abhishek Agrawal, Principal PM Lead, Office 365 [MSFT]
- Abhishek_Agrawal
Microsoft
Hello Mohan,
The new Anti-Phishing policy is about:
1. Protecting your accepting domains from look-alikes and impersonation attacks
2. Protecting your targeted high profile users from impersonation and look alike attacks.
So in users to Protect, you should specify, you should specify the users/their email addresses that you want to do a impersonation check on
In domains to protect, we already include your accepting domains by default, but you can add other partner domains as well.
Finally, you can configure your action to TIP ( we recommend starting with a tip) and then graduate to junking/quarantine.
You can apply this policy to everyone in your organization.
So for example, you can create a policy that checks against look-alike attacks against your CEO's name and assign that policy to all users in your org (though applied to setting).
Hope this helps.
Thanks,
Abhishek Agrawal, Principal PM Lead, Office 365 [MSFT]
- Aline VidaCopper Contributor
What is the difference between anti-spoofing protection and impersonation within the antiphishing policy configuration options? Isn't spoofing the same thing?
- Aline VidaCopper Contributor
How long do changes made to the anti-phishing policy take to take effect?
- Aline VidaCopper Contributor
I found that it takes 30 minutes.
- Robert WoodsSteel Contributor
I need notifications on quarantines. I find that I forget to check it often. Any way to set this up?
- MooreSecurityBrass ContributorHey Robert,
The only method i've come to know as far as receiving a notification for the anti-phishing policy is setting the policy to set the action to "Redirect message to other email address". Although it's been on for weeks, and I have yet to receive an "alert". Have emails been sent to your quarantine?
According to the last example in this article, it should be possible to create a policy that covers all users. I agree though, neither the UI nor the documentation are very intuitive, let me ask around...
- Mohan SeenippandianBrass Contributor
Thanks Vasil .