4.7 Ensure that an anti-phishing policy has been created

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.


Information

By default, Office 365 includes built-in features that help protect your users from phishing attacks. Set up anti-phishing policies to increase this protection, for example by refining settings to better detect and prevent impersonation and spoofing attacks. The default policy applies to all users within the organization and is a single view where you can fine-tune anti-phishing protection. Custom policies can be created and configured for specific users, groups or domains within the organization, and they take precedence over the default policy for the users they are scoped to.

Rationale:

Protects users from phishing attacks (like impersonation and spoofing), and uses safety tips to warn users about potentially harmful messages.

Impact:

Turning on anti-phishing should not cause an impact; safety-tip messages will be displayed to users only when applicable.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To set the anti-phishing policy, use the Microsoft 365 Admin Center:

Click Security to open the Security portal.

Under Email & collaboration navigate to Policies & rules > Threat policies.

Select Anti-phishing.

Click Create to create an anti-phishing policy.

To create an anti-phishing policy, use the Exchange Online PowerShell Module:

Connect to Exchange Online service using Connect-ExchangeOnline.

Run the following Exchange Online PowerShell command:

New-AntiPhishPolicy -Name 'Office365 AntiPhish Policy'
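The command above creates the policy but does not scope it to anyone; in Exchange Online a custom anti-phishing policy only takes effect once an anti-phishing rule assigns it to recipients. The following is an added example (not part of the CIS benchmark or the Tenable audit text) that creates the policy with explicit impersonation and spoof settings, attaches a rule, and then lists the settings for review. It assumes the ExchangeOnlineManagement module is installed, that the signed-in account holds a role allowed to manage threat policies, and that the policy name, rule name and recipient domain are constructed placeholders to be replaced with your own.

```powershell
# Added example, not from the benchmark or Tenable. Assumes the
# ExchangeOnlineManagement module is installed and an account with
# rights to manage threat policies. Names and the domain below are
# constructed placeholders.

Connect-ExchangeOnline

$policyName = 'Office365 AntiPhish Policy'          # placeholder name
$ruleName   = 'Office365 AntiPhish Rule'            # placeholder name
$domain     = 'contoso.example'                     # placeholder accepted domain

# 1. Create the policy only if it does not already exist; New-AntiPhishPolicy
#    errors on a duplicate name, so the script stays safe to re-run.
if (-not (Get-AntiPhishPolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-AntiPhishPolicy -Name $policyName `
        -Enabled $true `
        -EnableSpoofIntelligence $true `
        -EnableMailboxIntelligence $true `
        -EnableMailboxIntelligenceProtection $true `
        -EnableOrganizationDomainsProtection $true `
        -EnableSimilarUsersSafetyTips $true `
        -EnableSimilarDomainsSafetyTips $true `
        -EnableUnusualCharactersSafetyTips $true `
        -PhishThresholdLevel 2 `
        -AuthenticationFailAction Quarantine
}

# 2. Scope the policy with a rule; without one, only the default policy
#    ("Office365 AntiPhish Default") applies to mailboxes.
if (-not (Get-AntiPhishRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-AntiPhishRule -Name $ruleName `
        -AntiPhishPolicy $policyName `
        -RecipientDomainIs $domain
}

# 3. Review: show every anti-phishing policy with the settings an auditor
#    would check when confirming this control.
Get-AntiPhishPolicy |
    Select-Object Name, Enabled, EnableSpoofIntelligence,
        EnableMailboxIntelligenceProtection, EnableOrganizationDomainsProtection,
        PhishThresholdLevel, AuthenticationFailAction |
    Format-Table -AutoSize
```

The existence checks make the script idempotent, which matters when it is run from a configuration pipeline rather than once by hand. PhishThresholdLevel 2 ("Aggressive") and a Quarantine action on authentication failure are illustrative choices; review them against your own tolerance for false positives before applying them tenant-wide.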

See Also

https://workbench.cisecurity.org/files/3729