I'm looking at the anti-phishing in EOP - "Add up to 60 internal and external users you want to protect from being impersonated by attacker"
Q. Our staff have multiple email aliases, such as fred@contoso.co.uk and fred@contoso.com If I add fred@contoso.com as one of the 60 users, would impersonation attempts using fred@sales.contoso.co.uk also be covered or would I need to add both to the list?