Office 365 Anti Phishing Guide

Phishing attempts against Microsoft 365 are common because the large number of users increases an attacker's chances of success.

Key Takeaways

  • What is Office 365 ATP? A security solution that scans incoming mail for spoofing, malicious links, and malware.
  • Common Phishing Tactics: Hackers use fake non-delivery notices, SharePoint (PhishPoint) links, and storage limit warnings to steal credentials.
  • Eligibility: ATP is included with Microsoft 365 Enterprise E5 licenses; other users may need it as an add-on.
  • Customization: Administrators can set specific thresholds and policies to quarantine or redirect suspicious emails.
  • Security Best Practice: While ATP is robust, it is recommended to use it alongside additional anti-phishing software for layered defense.

Since most businesses make use of the software, phishing attacks can allow hackers to get their hands on secret or confidential information.

Cyber attackers use sophisticated ways to fool email recipients into handing over login credentials or data. Knowing what a phishing email looks like can therefore keep employees and business owners from coming under fire.

Phishing email examples

Let us look at some common examples of phishing emails/incoming emails below:

| Attack Type | Method / Goal |
|---|---|
| Non-delivery Emails | Uses fake “retry” links to trick users into clicking malicious URLs. |
| PhishPoint | Uses legitimate SharePoint files to bypass filters and deliver malicious links. |
| Storage Limit Alerts | Fakes a full mailbox warning to prompt users to enter credentials. |
| Reactivation Request | Directs users to a fake login page to steal account credentials. |

Advanced Threat Protection for Office 365

Microsoft Office 365 ATP (Advanced Threat Protection), also referred to as Office 365 anti-phishing, is a security solution delivered as part of the software and its services, like a partner program.

ATP scans incoming mail and detects spoofing, malicious links, and malware. Anything that comes across as a phishing attempt is immediately blocked, and the email will fail to reach the inbox.

Enabling phishing protection

Office 365 ATP does not need to be enabled separately. Subscribed users get the service automatically while running Office programs.

However, the Office 365 ATP options are flexible and can be changed based on user needs.

Office 365 policies for ATP

Office 365 ATP allows a global or security administrator to select anti-phishing policies based on a company’s needs. These include:

  • Select trusted senders/domains.
  • Pick preventive measures against phishing emails. Users can pick between quarantine, move to the junk folder, add anti-phishing tips, redirect, deliver, or no action.
  • Select the users/domains you wish to protect.
  • Turn mailbox intelligence on or off.
  • Pick options from the advanced phishing thresholds.

Advanced thresholds in ATP

Office 365 anti-phishing ATP not only lets administrators select policies for phishing protection, it also lets them set thresholds.

Depending on the threshold set, suspicious emails are handled with moderate, intense, or rigorous scrutiny.

Aggressive settings are not always the most suitable choice, as some important emails can also get marked as spam/malware.

Is Office 365 ATP sufficient?

Office 365 anti-phishing is smart enough to block most phishing attempts but should not be considered a complete Microsoft 365 security package. Since blocking phishing attacks and malware is not Microsoft’s expertise, ATP can fall short in many circumstances. If you feel comfortable with it, you should use other anti-phishing software along with Microsoft ATP.

Is Office 365 ATP available for everyone?

With its anti-spoofing protection, ATP helps protect companies against phishing emails, credential theft, and data breaches. But can all users use the ATP functions?

No, availability depends on your specific subscription. Requirements include:

  • Enterprise E5 License: ATP is included by default.
  • Add-in Option: Available as an add-on for other subscription levels.
  • Software Requirement: Recommended for use with Office 365 ProPlus on Windows.

Prerequisites to check before using ATP policies

  • Read up on all points/options regarding ATP/Office 365 anti-phishing on the official website.
  • You must be a member of the security/system administrators.
  • Select and pick the most suitable policies that apply to your company.
  • Free up around 15 to 30 minutes of your time for proper Office 365 installation and anti-phishing policy setup.

What are the steps to set up Office 365 anti-phishing policies?

Let’s look at the steps you need to follow to implement the anti-phishing policies in Office 365 successfully:

  1. Open up a web browser on your Windows Desktop PC.
  2. Go to the O365 Security and Compliance center present in the administrator account.
  3. Select ‘Threat Management’ from the left side.
  4. A policy page will load up from where you need to enable the ‘Advanced Threat Protection’ anti-phishing option.
  5. Click the ‘+Create’ button to create a new policy for phishing protection.
  6. A window with anti-phishing settings will load up where you need to enter a short description and policy name.
  7. Select next to continue with policy creation.
  8. Go to the ‘Add a Condition’ menu to set the policy condition based on business requirements.
  9. Pick a domain name for the configuration. You can also pick custom domains through the ‘Exchange Online’ tenant.
  10. Use the ‘Add a Condition’ button to add more conditions based on how many policies are needed.
  11. When done, click next to load up the ‘Review Your Settings’ page.
  12. Double-check all your data on this new window.
  13. Use the ‘Edit link’ option to make any changes.
  14. Select ‘Create this policy’ to put your newly created policy into effect.
  15. Your settings will apply to all associated user accounts.
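
The same policy can be scripted in Exchange Online PowerShell, which makes the settings reviewable and repeatable across tenants. This is an added example, not part of the original guide: it assumes the ExchangeOnlineManagement module is installed, and every policy name, domain, and address in it is a constructed placeholder.

```powershell
# Added example. Run as a security or global administrator.
# All names, domains and addresses are constructed placeholders.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

$policyName = 'Contoso anti-phishing (example)'

$policy = @{
    Name                                = $policyName
    AdminDisplayName                    = 'Impersonation protection for finance users and owned domains'

    # Trusted senders/domains: exempt from impersonation checks, so keep this list short.
    ExcludedDomains                     = 'partner.example'

    # Users/domains to protect. User entries use the form "DisplayName;EmailAddress".
    EnableTargetedUserProtection        = $true
    TargetedUsersToProtect              = 'Pat Finance;pat.finance@contoso.example'
    EnableOrganizationDomainsProtection = $true

    # Preventive measure: quarantine, so an administrator can release a false positive.
    TargetedUserProtectionAction        = 'Quarantine'
    TargetedDomainProtectionAction      = 'Quarantine'

    # Anti-phishing tips shown to the recipient.
    EnableSimilarUsersSafetyTips        = $true
    EnableSimilarDomainsSafetyTips      = $true

    # Mailbox intelligence on.
    EnableMailboxIntelligence           = $true

    # Advanced threshold: 1 = Standard, 2 = Aggressive, 3 = More aggressive, 4 = Most aggressive.
    # Start low and raise it only after reviewing what lands in quarantine.
    PhishThresholdLevel                 = 2
}
New-AntiPhishPolicy @policy

# The rule is the "condition" from the portal steps: it decides which recipients get the policy.
# RecipientDomainIs must be an accepted domain in the tenant.
$rule = @{
    Name              = $policyName
    AntiPhishPolicy   = $policyName
    RecipientDomainIs = 'contoso.example'
    Priority          = 0
}
New-AntiPhishRule @rule

# Equivalent of the 'Review Your Settings' page: read back what was actually stored.
Get-AntiPhishPolicy -Identity $policyName |
    Format-List Name, Enabled, PhishThresholdLevel, EnableMailboxIntelligence,
                TargetedUserProtectionAction, TargetedDomainProtectionAction, ExcludedDomains
```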

Conclusion

Phishing attacks can cause a company to lose confidential or personal data and let hackers log in fraudulently. These can easily be used against the company on multiple levels, especially by competitors.

Therefore, using Microsoft Office 365 anti-phishing is your best bet. You should also opt for other malware/anti-phishing software to ward off attacks fully.

Author
Gavin Garbutt
Co-Founder & Chairman of Augmentt
