Tag: Anti Phishing

Best Practices in configuring Office 365 Anti Phishing Policy

Office 365 Advanced Threat Protection enables additional layer of protection against malicious URLs, Malicious Attachments and Phishing campaigns.

In my previous posts we talked about these configurations, please click on the hyperlinks below to see those posts.

1. Best practices in configuring Office 365 Safe Attachments

2. Best Practices in configuring Office 365 Safe Links.

Today we’ll take a look at anti phishing policies which can be configured in Office 365 for protection against

  • 1. User Impersonation
  • 2. Domain Impersonation
  • 3. Domain Spoofing

User Impersonation : User Impersonation configuration allows organization to list down their top executives like CEO, CFO, Directors etc and any emails coming with the exact same display name and going to users will be quarantined/delivered to Junk as per the configuration.

Domain Impersonation : Domain Impersonation configuration protects against emails coming with similar typosquatted domains like yours. For eg. your organizations domain is Contoso.com and attackers may send emails after registering similar looking domains like Cont0so.com, Contoso-inc.com etc.

Domain Spoofing :  Domain spoofing configuration enables domain authentication like SPF, DKIM, DMARC to be enforced validating the origin of the emails as per the from address and block/quarantine/junk those emails which fails authentication.

I have created this video tutorial of Step by Step tutorial of the recommended configurations of Anti Phishing Policies in Office 365 Advanced Threat Protection.

Hope you like the videos, please do subscribe to the channel to be updated with future tutorials.

Cheers




Best Practices in configuring ATP Safe Link Policies in Office 365

One of the major attack vector used by threat actors are sending emails with malicious URLs. These emails without any malicious attachments usually has luring text which encourages users to click on a link to take any action and then take them to a Phishing URL or a webpage with malicious content.

For E.g. the email below, which looks like it has come from Microsoft to users and asking users to click on a URL which would lead to

Email

Office 365 Advanced Threat Protection enables Safe Link policy which protects users at the time of click by verifying the URL against threat intelligence for any phishing page or malicious content.

Please watch this video on how to configure Office 365 Safe Links with recommended configurations.

if you want to see a quick demo on how Office 365 Safe works, checkout the following video.

Cheers.