Does impersonation checks in Phishing policy work for email aliases?

Occasional Contributor

I'm looking at the anti-phishing in EOP - "Add up to 60 internal and external users you want to protect from being impersonated by attacker"

 

Q. Our staff have multiple email aliases, such as fred@contoso.co.uk and fred@contoso.com If I add  fred@contoso.com as one of the 60 users, would impersonation attempts using fred@sales.contoso.co.uk also be covered or would I need to add both to the list?

1 Reply

I believe it only applies to the value you enter there, so you will need to add any aliases as well. Reason being, it actually accepts "external" addresses as well.