Stop Phishing Attacks With Microsoft 365

Stop Phishing Attacks with Microsoft 365

Phishing attacks come unexpectedly and can cause great damage with the click of a button. As an end user, it can be difficult to differentiate between phishing attacks and general email content. With Microsoft 365, it is extremely easy to protect again unwanted email content, and more.

Microsoft 365 Advanced Threat Protection

Advanced Threat Protection, or ATP, involves policies covering anti-spam, anti-phishing, anti-malware, safe links, and safe attachments. With a Microsoft 365 Business premium license, your organization can be protected against malicious email threats with the flip of a switch. ATP is configured in the Security admin center and offers two plans for your organization: standard protection, or advanced protection. Depending on the compliance regulations and needs your organization is adhering to, one of these plans will provide a secure baseline that you can be confident in as an MSP.

Anti-Phishing Protection in Microsoft 365

Phishing is an email attack that attempts to steal sensitive information from the recipient that appear to be from legitimate or trusted senders. Microsoft Anti-Phishing protects against:

Spear phishing: uses focused, customized content that\’s specifically tailored to the targeted recipients (typically, after reconnaissance on the recipients by the attacker).  (Microsoft, 2021)

Whaling: is directed at executives or other high value targets within an organization for maximum effect.  (Microsoft, 2021)

Business email compromise (BEC): uses forged trusted senders (financial officers, customers, trusted partners, etc.) to trick recipients into approving payments, transferring funds, or revealing customer data.  (Microsoft, 2021)

Ransomware: that encrypts your data and demands payment to decrypt it almost always starts out in phishing messages. Anti-phishing protection can\’t help you decrypt encrypted files, but it can help detect the initial phishing messages that are associated with the ransomware campaign (Microsoft, 2021)

Unfortunately, with the growing complexity of attacks it is becoming increasingly difficult for trained professionals to recognize attacks. Fortunately, Exchange Online Protection and the additional tools provided through Microsoft Defender can help.  (Microsoft, 2021)

Anti-phishing Protection in EOP

Exchange Online Protection (EOP) has many policies that can help protect against your organizations phishing threats. With EOP, you can get even more granular with your anti-phishing configuration. Some key policies offered through EOP are spoof intelligence, anti-phishing policies in EOP, allow or block spoofed senders in the Tenant Allow/Block List and email authentication.

Additional Anti-phishing Protection in Microsoft Defender for Office 365

For even more tenant security, Microsoft Defender for Office 365 contains additional resources and more advanced phishing features. Microsoft Defender for Office 365 includes Anti-phishing in Microsoft Defender for Office 365, Campaign Views, and Attack Simulation Training. With Attack Simulation Training, admins can create fake phishing scenarios and send them to internal users as an educational tool. For more information on stopping phishing attacks with Microsoft 365, Anti Phishing protection through ATP and Microsoft Defender, book a consultation by visiting and selecting “Book a Consultation” in the top website banner!



Leave a Reply

%d bloggers like this: