O365 Email Anti-Phishing Policy Creation Procedure

This admin procedure will provide background information on creating an anti-phishing threat policy that will monitor phishing detection for inbound and outbound mail flow.

Anti-Phishing Threat Policy

An anti-phishing threat policy specifies the phishing protections that are applied to your organizational mail flow, and how the messages that fail to meet compliance are handled. It also includes information about the priority and recipient filters for the policy.

Procedure Scope: Administrators

Required Group Membership: Admin.EmailSecurity

Creating an Anti-Phishing Threat Policy

1. Navigate to Anti-Phishing – O365 Defender, and select Create.
   
2. Provide the basic information to the policy such as name and description, should explain the policies’ purpose and scope of effect. Select Next to continue.
   
3. Next you will be able to supply assignments or exclusions to internal users, groups, and domains. Select Next to proceed.
   
4. A list of all the possible configuration settings will be listed, make sure to apply the necessary settings to fit the needs of your organization. Select Next to continue.
   
5. You can specify the actions that will be taken on the messages that are flagged for phishing, these can be adjusted to take no action, redirect the message, direct the message to junk folder, quarantine, etc. Select Next to proceed to revisions.
   
6. The review page will allow you to see all configured settings for the device control creation process, if you detect a discrepancy at this stage make note of the section and select Back to make alterations before finalization. If everything checks out, select Submit to publish the policy.
   
7. A prompt will be displayed detailing that the policy has been created and has been put into immediate effect. Select Done to finalize the creation process.
   

You're Finished!