Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

How to check if the Anti-phishing Policy in Microsoft 365 Defender is working?

Copper Contributor

I have created a new Anti-Phishing Policy with a Phishing threshold of 4 (Most Aggressive) wondering if it is doing anything as expected and how to check the results as well as the quarantined phishing attempts. for this policy, I have created a new mail-enabled security group and added only a couple of users.

 

how long will it take to see the results for the Secure Score?

1 Reply

@XTech24 

One way is to Review your hosted quarantine and filter for quarantine reason Phishing. You may have further to look than expected because items are not always sent to quarantine for the expected reason; they may have fallen foul of another filter instead.

 

Pick an item and look at the Quarantine Details panel, Policy name. That should say what policy did the deed. If your new policy only covers two addresses, it may be some time until you get a hit.

 

There might be a programmatic way of checking more methodically with PowerShell, but it is a long time since I looked at that and a busy hosted quarantine is generally too big to search unless a lot of anti-throttling code is included in the script.