Hi team,
Our organization recently got a phishing attack. Could you please let me know what steps we can take to avoid this happening again?
Thank you for your help,
Jennifer,
May I ask a couple of questions for clarity?
What Microsoft products are you currently using?
Have you changed since the phishing attack?
What device and application was the user using when they got infected?
Hello Scott,
Please see the answers below.
What Microsoft products are you currently using? Microsoft 365 E3 licenses
Have you changed since the phishing attack? No
What device and application was the user using when they got infected? Their laptop, Outlook application
Thank you for your help
Hi @Jennifer-3804,
By default, there's already a built-in anti-phishing policy that contains a limited number of anti-spoofing features enabled in Microsoft 365 organizations with mailboxes in Exchange Online. It can be viewed on the Anti-phishing page (https://security.microsoft.com/antiphishing).
Considering that your organization is still getting phishing attacks, you can increase that protection by refining the current settings of the anti-phishing policy or creating custom anti-phishing policies with stricter settings that are applied to specific users or groups of users. See: Configure anti-phishing policies in EOP.
Furthermore, there are some additional features included in Exchange Online Protection (EOP) and Microsoft Defender for Office 365 which can help protect your organization from phishing threats. For more information, hopefully you can find the document below helpful:
Anti-phishing protection in Microsoft 365
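Added example (not part of the original answer or of Microsoft's documentation): one way to create the stricter custom anti-phishing policy described above from Exchange Online PowerShell, using only the spoof settings available in EOP. The policy name, rule name and group address are placeholders, and the sketch assumes the ExchangeOnlineManagement module is installed and you sign in with an account allowed to manage anti-phishing policies.

```powershell
# Added example. Names and the group address below are placeholders (assumptions).
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$policyName  = 'Strict anti-phishing (example)'
$ruleName    = 'Strict anti-phishing rule (example)'
$targetGroup = 'high-risk-users@example.com'   # placeholder: group that gets the stricter policy

# 1. Record what the built-in default policy currently does, for comparison.
Get-AntiPhishPolicy |
    Where-Object { $_.IsDefault } |
    Format-List Name, EnableSpoofIntelligence, AuthenticationFailAction,
                EnableUnauthenticatedSender, EnableViaTag, EnableFirstContactSafetyTips

# 2. Create the custom policy with stricter spoof handling:
#    - spoofed senders go to quarantine instead of Junk Email
#    - unauthenticated-sender "?" and "via" indicators are shown in Outlook
#    - a safety tip is shown on the first message from a new sender
New-AntiPhishPolicy -Name $policyName `
    -EnableSpoofIntelligence $true `
    -AuthenticationFailAction Quarantine `
    -EnableUnauthenticatedSender $true `
    -EnableViaTag $true `
    -EnableFirstContactSafetyTips $true

# 3. A policy has no effect until a rule scopes it to recipients.
#    Priority 0 is evaluated first among the custom rules.
New-AntiPhishRule -Name $ruleName `
    -AntiPhishPolicy $policyName `
    -SentToMemberOf $targetGroup `
    -Priority 0

# 4. Confirm the rule is enabled and see where it sits in the evaluation order.
Get-AntiPhishRule |
    Sort-Object Priority |
    Format-Table Name, AntiPhishPolicy, Priority, State

Disconnect-ExchangeOnline -Confirm:$false
```

Recipients outside the scoped group stay on the default policy, so review the output of step 1 and tighten the default as well if it is more permissive than you expect.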
Thanks for the information. Microsoft Defender for Office 365 plan 2 has many of the features to help with these issues. Go to this site for access to an Interactive Guide. Well worth the 20-minute investment. Whenever possible, empowering the users with training and live testing gives some personal accountability which can help in the long term. To access, visit the new Security Portal > Email & collaboration > Attack simulation training.
For getting started information about Attack simulation training, see Get started using Attack simulation training.
Thank you guys!