Security & compliance

Set up anti-phishing protection


Important: This video applies to Microsoft 365 Business Premium, or to Microsoft 365 Business Standard with the purchase of Advanced Threat Protection. To learn more, see Threat protection for your small business.

Phishing is a malicious attack where an email looks like it was sent from a familiar source, but it attempts to collect your personal information. By default, Microsoft 365 includes some anti-phishing protection, but you can increase that protection by refining the settings. Let's take a look.

  1. In the admin center at https://admin.microsoft.com, select Security, Threat Management, Policy, then ATP Anti-phishing.

  2. Select Default Policy to refine it.

  3. In the Impersonation section, select Edit.

  4. Go to Add domains to protect and select the toggle to automatically include the domains you own.

  5. Go to Actions, open the drop-down If email is sent by an impersonated user, and choose the action you want.

    Open the drop-down If email is sent by an impersonated domain and choose the action you want.

  6. Select Turn on impersonation safety tips. Choose whether tips should be provided to users when the system detects impersonated users, domains, or unusual characters. Select Save.

  7. Select Mailbox intelligence and verify that it's turned on. This allows your email to be more efficient by learning usage patterns.

  8. Choose Add trusted senders and domains. Here you can add email addresses or domains that shouldn't be classified as an impersonation.

  9. Choose Review your settings, make sure everything is correct, select Save, then Close.

Your organization now has better protection from phishing threats.
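
The settings from steps 4 to 8 can also be checked from Exchange Online PowerShell. The script below is an added example, not part of the original page or a Microsoft script; it assumes the ExchangeOnlineManagement module, the default policy identity Office365 AntiPhish Default, and Quarantine as the action chosen in step 5.

```powershell
# Added example (not from the original page). Baseline keys are Set-AntiPhishPolicy parameters.
$Baseline = @{
    EnableOrganizationDomainsProtection = $true         # step 4: domains you own
    TargetedUserProtectionAction        = 'Quarantine'  # step 5: assumed choice of action
    TargetedDomainProtectionAction      = 'Quarantine'  # step 5: assumed choice of action
    EnableSimilarUsersSafetyTips        = $true         # step 6: impersonated users
    EnableSimilarDomainsSafetyTips      = $true         # step 6: impersonated domains
    EnableUnusualCharactersSafetyTips   = $true         # step 6: unusual characters
    EnableMailboxIntelligence           = $true         # step 7
}

function Get-AntiPhishDrift {
    # Returns one object per setting whose current value differs from the baseline.
    param(
        [Parameter(Mandatory)] $Policy,
        [Parameter(Mandatory)] [hashtable] $Expected
    )
    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $actual = $Policy.$name
        if ("$actual" -ne "$($Expected[$name])") {
            [pscustomobject]@{ Setting = $name; Actual = $actual; Expected = $Expected[$name] }
        }
    }
}

# Constructed sample policy so the check runs without a tenant connection.
$sample = [pscustomobject]@{
    EnableOrganizationDomainsProtection = $false
    TargetedUserProtectionAction        = 'NoAction'
    TargetedDomainProtectionAction      = 'Quarantine'
    EnableSimilarUsersSafetyTips        = $true
    EnableSimilarDomainsSafetyTips      = $true
    EnableUnusualCharactersSafetyTips   = $false
    EnableMailboxIntelligence           = $true
}
Get-AntiPhishDrift -Policy $sample -Expected $Baseline | Format-Table -AutoSize

# Live check: runs only inside a session opened with Connect-ExchangeOnline.
if (Get-Command Get-AntiPhishPolicy -ErrorAction SilentlyContinue) {
    $id     = 'Office365 AntiPhish Default'   # identity of the default policy
    $policy = Get-AntiPhishPolicy -Identity $id
    $drift  = Get-AntiPhishDrift -Policy $policy -Expected $Baseline
    $drift | Format-Table -AutoSize
    # Step 8 exclusions bypass impersonation checks; list them for review.
    $policy | Select-Object ExcludedSenders, ExcludedDomains | Format-List
    # Preview the change; remove -WhatIf to apply it.
    if ($drift) { Set-AntiPhishPolicy -Identity $id @Baseline -WhatIf }
}
```

Keep the trusted senders and domains list short and review it regularly, because every entry is exempt from impersonation classification.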

Tip: Learn how you and your employees can protect yourselves from phishing attacks while at work or at home. See Protect yourself from phishing.

