This article provides some best-practice configurations for MS365 inbound security settings.
Anti-Phishing Policy
https://security.microsoft.com/antiphishing
- Go to the above URL.
- Create a new Anti-Phishing Policy or edit the default Anti-Phishing Policy with the priority rule of "Lowest".
- Select an Anti-Phishing threshold for the Anti-Phishing engine.
- Configure Anti-Phishing to protect the domains you own.
- Enable Mailbox Intelligence and enable Intelligence for impersonation protection.
- Enable Spoof Intelligence.
- If a message is detected as a user impersonation, quarantine the message.
- If a message is detected as a domain impersonation, quarantine the message.
- If Mailbox Intelligence detects an impersonated user, quarantine the message.
- Select Honor the DMARC Policy and configure delivery as per your requirements (we recommend Junk/Quarantine for DMARC Quarantine failures and Reject for DMARC Reject failures).
- We recommend turning on all available Safety Tips and Indicators.
You have now configured the MS365 Anti-Phishing policy to protect against impersonation and spoofing, and told MS365 how to handle DMARC failures.
Anti-Spam Policy
https://security.microsoft.com/antispam
- Go to the above URL.
- Create a new Anti-Spam Policy or edit the default Anti-Spam Policy with the priority rule of "Lowest".
- Turn the Backscatter protection feature on.
This feature protects you from a "backscatter" attack, in which malicious actors send mail that impersonates your domain; because of your DMARC policy, receiving servers reject those emails, and the resulting bounce-backs, or NDRs (non-delivery reports), flood the impersonated user.
Please note that not all features or flags will be available if you do not have Defender for Office.
If you are only using EOP (Exchange Online Protection), which is included at no extra cost, we recommend configuring the options that are available as described above.
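The Exchange Online PowerShell equivalent of the Anti-Phishing and Anti-Spam steps above, added here as an example and not part of the original article. It assumes the ExchangeOnlineManagement module, an account holding the Security Administrator role, and Defender for Office 365 licensing; the policy name and contoso.com are placeholders.

```powershell
# Added example, not from the original article: the Exchange Online PowerShell equivalent
# of the portal steps above. Assumes the ExchangeOnlineManagement module, an account with the
# Security Administrator role, and Defender for Office 365 (impersonation settings and DMARC
# actions depend on it). The policy name and contoso.com are placeholders.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$policyName   = "Inbound Anti-Phishing - Strict"   # placeholder name
$ownedDomains = @("contoso.com")                   # placeholder: the domains you own

$phishParams = @{
    Name                                = $policyName
    PhishThresholdLevel                 = 3             # 1 = Standard ... 4 = Most aggressive
    EnableOrganizationDomainsProtection = $true         # protect every accepted domain
    EnableTargetedDomainsProtection     = $true
    TargetedDomainsToProtect            = $ownedDomains
    EnableMailboxIntelligence           = $true
    EnableMailboxIntelligenceProtection = $true
    EnableSpoofIntelligence             = $true
    TargetedUserProtectionAction        = "Quarantine"
    TargetedDomainProtectionAction      = "Quarantine"
    MailboxIntelligenceProtectionAction = "Quarantine"
    HonorDmarcPolicy                    = $true
    DmarcQuarantineAction               = "Quarantine"  # or "MoveToJmf" for the Junk folder
    DmarcRejectAction                   = "Reject"
    EnableFirstContactSafetyTips        = $true
    EnableSimilarUsersSafetyTips        = $true
    EnableSimilarDomainsSafetyTips      = $true
    EnableUnusualCharactersSafetyTips   = $true
    EnableUnauthenticatedSender         = $true         # "?" indicator on unauthenticated senders
    EnableViaTag                        = $true
}
$policy = New-AntiPhishPolicy @phishParams
# Apply it to recipients in your domains. Priority 0 is evaluated first; the default policy always sits last.
New-AntiPhishRule -Name "$policyName rule" -AntiPhishPolicy $policy.Name -RecipientDomainIs $ownedDomains -Priority 0

# Anti-spam: enable backscatter (NDR) protection in the default policy.
Set-HostedContentFilterPolicy -Identity Default -MarkAsSpamNdrBackscatter On

# Check: read the settings back and warn about anything that did not take effect.
$p = Get-AntiPhishPolicy -Identity $policyName
$expected = @{ HonorDmarcPolicy = $true; DmarcRejectAction = "Reject"; EnableSpoofIntelligence = $true
               TargetedUserProtectionAction = "Quarantine"; MailboxIntelligenceProtectionAction = "Quarantine" }
foreach ($k in $expected.Keys) {
    if ("$($p.$k)" -ne "$($expected[$k])") { Write-Warning "$k is '$($p.$k)', expected '$($expected[$k])'" }
}
if ((Get-HostedContentFilterPolicy -Identity Default).MarkAsSpamNdrBackscatter -ne "On") {
    Write-Warning "Backscatter protection is not On"
}
```

With EOP only, drop the impersonation, threshold and DMARC-action parameters; the spoof intelligence, safety tip and backscatter settings still apply.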
Need Help?
support@sendmarc.com is standing by to assist!