Forum Discussion

tomwrigglesworth's avatar
tomwrigglesworth
Copper Contributor
Jul 26, 2024

Handing email Impersonation Protection

Hi all, 

 

We are looking at ways to handle emails that could potentially be impersonation emails. The filtering we have at the moment doesn't have any kind of handing of that, apart from an email letting them know it could be.

 

Is it possible for Defender to review an email for similar criteria (sender and recipient), flag it as an impersonation, block it and then tell the administrator or the end user, for them to release?

 

We have defender for email protection but do not really use it - which I want to change.

 

Any guidance or suggestions for a better handing would be very appreciated.

 

Kind regards

Tom

1 Reply

  • cammurray's avatar
    cammurray
    Icon for Microsoft rankMicrosoft
    Jul 31, 2024
    Hey Tom,

    There's inbuilt impersonation controls in Microsoft Defender for Office 365. This can look for similarities with sensitive users, domains, and also your usual contacts (what we call mailbox intelligence).

    You need Microsoft Defender for Office for this, and you'll need to provision policies. In smaller organisations, turning on in-built protection may be a better way to ensure all of these kind of controls are enabled across the board, but you can explicitly turn on just impersonation.

    More information here: https://learn.microsoft.com/en-us/defender-office-365/anti-phishing-policies-about