MyPage is a personalized page based on your interests.The page is customized to help you to find content that matters you the most.

I'm not curious

Set Up Microsoft Office 365 Threat Protection Policy

Published on 26 March 18
Today, every user is very much concerned about spam in Office 365. However, it is difficult to detect the spear-phishing and whaling attackers. Through these attacks, criminals try to impersonate any trusted sender and target individuals of any organization, which have the access to sensitive data like personal information of any employee, credit/debit card numbers, or the authority to transfer money. Hence, to defend users from the spam, Exchange Online Protection (EOP) service is generated to protect the emails of the user from the moment they receive the first message.
“Quick Tips: Try SysTools Office365 Backup & Restore Tool to backup and export Office 365 Mailbox to PST/EML file format and save it locally to protect mailbox items from sudden data loss.”
Office 365 Advanced Threat Protection (ATP) is an application of Exchange Online Protection (EOP), which assists users in keeping malware out of their email. With this ATP, users can create policies in the Exchange Admin Center (EAC) or in the Security and Compliance Center. It helps to ensure the users to access only those links or attachments to emails, which are identified as not malicious. If the user is an Office 365 Enterprise global or security administrator then, he/she can set up the ATP anti-phishing policies. The Phishing attacks are present in various forms, from commodity-based attacks to whaling or targeted spear phishing. With the increasing complexity, it is challenging for even a trained eye to detect these sophisticated attacks. Fortunately, to resolve this, Office 365 Advanced Threat Protection is invented. Users can set up the ATP anti-phishing policy to defend the organizations against such attacks.
In order to prevent users from spam in Office 365, it is required to change the protection setting to resolve any specific issue of the organization. If any user is receiving many spams from a specific sender then, they can change the anti-spam settings from the Office 365 Security and Compliance Center.

Office 365 Advanced Threat Protection protect the emails, and Office 365 account from undiagnosed and sophisticated attacks. The main services of this ATP are following:

  • Secure mailboxes against advanced threats
  • Protect users from unsafe attachments
  • Guard the environment when users click on malicious links
  • Provide rich reporting and track links in the email messages

Security and Compliance Center - Office 365 Threat Protection

The latest anti-phishing policies reintegrated within Office 365 Advanced Threat Protection, which is an add-on edition of Exchange Online Protection. It is also enclosed within the Enterprise E5 license bundle. When the anti-phishing is available in user’s tenant, this will display in the Security and Compliance Center.

Note: ATP anti-phishing is just available in the Advanced Threat Protection Office 365 Enterprise E5. If any organization is operating some other Office 365 Enterprise subscription then, Advanced Threat Protection can be bought as an add-on. (To do this, As a global admin, Go to Office 365 admin center >> Billing >> Add subscriptions)
Add Users to Protect from being Impersonated
After creating a new anti-phishing policy, terminology can look a bit puzzling at first. Let us understand this with an example to clear things up. Select a name for your policy then, you will be asked to add any users to protect. Here it is asked about the email addresses, which you want to defend from being impersonated. These are not the same users who will receive the phishing emails. Users are allowed to add 20 internal and external email addresses that they are required to protect from impersonation. When the administrator required to ensure that the email is from outside of their organization then, is not an impersonation of the users of the protected list.
Add domains to protect

After this, the next step is to add domains to protect. Here, we are talking about the domains that user want to defend from being impersonated. Well, it is a good idea to leave the alternative to automatically add the domains are own enabled. Thus, the owned domain names are secured from impersonation. Administrators are allowed to add partner domains, or any other domains, which could be impersonated to harm the organization.

In case, if the administrator wants to ensure that the email is from outside his organization then, it is not an impersonation of domains that are defined in the list of verified domains or of a partner domain.
Choose Actions for Policy
Now, select the actions you are required to take. One can define the separate actions for the impersonated users (specific emails, like and for the impersonated domains. The activities available are:

  • Redirect the message to any other email address
  • Move the message to the recipient of Junk Email folder
  • Quarantine message (It is user-accessible quarantine to release and view the email)
  • Deliver the email message and add any other addresses for the Bcc line (it is a reasonable action if the user just need to test the new policy)
  • Do not apply any action (it will still add the phishing protection tip)

Phishing Protection Tips
Selecting the suitable actions to depend upon the risk level for the users or the domains that user is protecting from being impersonated. If an email message is considered phishing, however, user delivers it to the junk email folder then, there is still the risk. However, taking the most aggressive method of redirecting the email to another email address (check that there is no delete message action is present), there is still the risk of legitimate and time-sensitive requests from being missed.

There are three main tips and all are enabled by default.

Use Mailbox Intelligence

Configuring the mailbox intelligence is the next option. This option is enabled by default. Mailbox intelligence utilizes the mailbox's normal traffic structures for better enabling of the impersonation detection to find unusual messages.

Add Trusted Sender and Domain

Next, users can add trusted senders and domains. This will let users override the anti-phishing policy for the senders to that someone knows is safe. Messages from sender email addresses and the domain’s user add as the trusted senders and domains will not ever be categorized as the impersonation-based attack. It results, the actions and settings in the policy will not be applied to the email messages from the senders and domains.

Apply Created Policy

Eventually, select the recipients for applying the policy to. There are the users, who user want to defend from receiving the phishing emails. This alternative is same as any other ATP policies and permits to generate policies that apply to:

  • Specific recipients
  • Recipients that are members of a group
  • Recipients of a domain
Finish this process by reviewing the done settings and then generating the policy. If one is having multiple policies then, they can adjust their priority to ascertain that which order they are processed in. However, fewer policies are easier to manage.
As the new functionality, we hope that ATP anti-phishing policy to go along as the new threats emerge. If someone has Office 365 ATP, we recommend them to begin the testing anti-phishing policies immediately.
This blog is listed under Enterprise Applications Community

Related Posts:
View Comments (2)
Post a Comment

Please notify me the replies via email.

  • We hope the conversations that take place on will be constructive and thought-provoking.
  • To ensure the quality of the discussion, our moderators may review/edit the comments for clarity and relevance.
  • Comments that are promotional, mean-spirited, or off-topic may be deleted per the moderators' judgment.
  1. 04 November 22

    I would like to suggest you can also try ZOOK Office 365 Backup Software is the most suitable solution for all the limitations of Office 365 which is related to Data protection. It helps to take backup of your Exchange data and to secure and protect your backup data. The Advance Filter option offers to choose Date Range, date range selection, subject, etc. It Supports to all Outlook Versions i.e. Outlook 2019, 2016, 2013, 2010, 2007, 2003, etc. Download and use it Now:

  2. 28 May 19

    Office 365 Email Backup Software helps you to backup all the emails from Office 365. This tool download and import all the data from Office 365 to both Cloud-based and Desktop-based email client application Visit at ;

You may also be interested in
Awards & Accolades for MyTechLogy
Winner of
Top 100 Asia
Finalist at SiTF Awards 2014 under the category Best Social & Community Product
Finalist at HR Vendor of the Year 2015 Awards under the category Best Learning Management System
Finalist at HR Vendor of the Year 2015 Awards under the category Best Talent Management Software
Hidden Image Url