Complete Guide on How to Setup / Enable Office 365 Anti-Phishing Policy

Ugra Narayan Pandey | December 11th, 2018 | Tips

“Don’t know how but, according to the recent news, hackers can gain access to MS Office 365 emails, calendars, contacts, etc., even if MFA is enabled. They are having ideas to make a path for performing attacks on the targeted entity. Its now time for us to take cloud data security seriously and become an aware online user. Being an active cloud user, I have activated all security features needed to secure my Microsoft Office 365 tenant. Now I want to strengthen the existing security, by putting an additional security layer in my tenant by using Office 365 anti-phishing policy. I am known from this policy but, don’t know the way to setup it. Can anyone of my social media friends help me out with the same?”

Alike above scenario, several Microsoft customers are there who have heard about anti-phishing policy in Office 365 but, don’t know the method to setup it. They post their queries related to the same, on different tech forums, social media sites, etc., with hope of getting answer. Therefore, here we came with this informative webpage to assist Microsoft customers in setting Office 365 anti-phishing policy.

What is Office 365 Anti-Phishing Policy?

In today’s date, there are different forms of phishing attacks whose purpose is only to harm targeted entity. It covers the range from commodity-based to targeted spear. Although enterprise officials are already having different kinds of stuff to hold their mission and the company’s growth still, they have to take care of online protection too. It is strongly recommended to online users that they should not ignore the use of standards available for cloud data security. Well, Microsoft provides an inbuilt feature for threat protection, which is named as Anti-Phishing policy in Office 365. This feature helps in protecting organizations from dangerous impersonation-based phishing threats. The policy is available with limited set of anti-spoofing protection whose purpose is only to render prevention against deception-based and authentication-based threats. By default, this feature is disabled in Microsoft Office 365 tenant. Interested clients have to enable or activate Microsoft Office 365 anti-phishing policy to use this.

Warning – Attackers make use of phishing approaches to successfully gain access on core business content like financial records, customer’s personal records, account details, etc. Different tricks are attempted by them to force the target user to click on the malicious file and hence, enable threat to spread. Therefore, it is extremely essential to impose Office 365 anti-phishing policy, if you are an Office 365 user.

Prerequisites to Setup O365 Anti-Phishing Policy

Before proceeding further, note down one thing that ‘Microsoft renders this policy only to the Enterprise E5 license clients. Other licensed users have to purchase ‘Advance threat protection’ like an add-in for the availability of it.’ Businesses can take best out of this anti-phishing policy by using the latest version of Office 365 ProPlus on MS Windows operating system. After this, check for the following prerequisite points to enforce the policy on your own:

  • Check that you are the authentic individual either in security admin role group or enterprise admins.
  • With a relaxed mind, read all options given on ATP anti-phishing policy’s official website.
  • Once done with reading, decide all the policies that are needed for your business and then, prioritize them.
  • Before setup, make up your mind with an aspect that 15-30 minutes are going to be spent in enforcing Office 365 anti-phishing policy.

Time To Setup Office 365 Anti-Phishing Policy

1. Locate Microsoft Office 365 Security and Compliance center page of your admin tenant in any of PC browser

2. Navigate towards LHS of the panel and click on Threat Management >> Policy

Policy Page

3. This opens a policy page where you have to hit on ATP anti-phishing

ATP anti-phishing

4. An anti-phishing policy page gets loaded in which you have to click on +Create button. Here, you will begin with the creation of a new Office 365 anti-phishing policy

Create Office 365 Anti-Phishing Policy

5. Describe the name of policy and give it a short description. Hit on Next to proceed further

Name Your Policy

6. Expand the Add a Condition menu and then, on the basis of company’s requirement, describe the policy condition

Add a Condition

7. Now comes the section for choosing the domain for configuration. You are free to choose the option for customizing domain via this policy

Customizing Option

8. Click on Add button to append more situations in the new policy, if needed. Else, simply click on Next

Proceed Next

9. Check all the policy settings made by you on ‘Review Your Settings’ page. If you want to make any changes, click on blue colored link of Edit

Review Your Settings

10. At last, click on Create this policy for implementation of new anti-phishing policy in Office 365 account.

Create the Policy

Hope You Got Answer To Your Question

The post provides a stepwise method to implement Office 365 anti-phishing policy. Being the cloud service provider, Microsoft is rendering possible security options to its customers. Now its time for the consumers to make use of those option in a profitable manner.