Set up anti-phishing

Phishing is an attack in which an email appears to come from a familiar source but attempts to collect your personal information. By default, Microsoft 365 includes some anti-phishing protection, but you can increase that protection by refining the settings. Let's take a look.

Try it!

  1. In the admin center at, select Security, Threat Management, Policy, then ATP Anti-phishing.

  2. Select Default Policy to refine it.

  3. In the Impersonation section, select Edit.

  4. Go to Add domains to protect and select the toggle to automatically include the domains you own.

  5. Go to Actions, open the drop-down If email is sent by an impersonated user, and choose the action you want.

    Open the drop-down If email is sent by an impersonated domain and choose the action you want.

  6. Select Turn on impersonation safety tips. Choose whether tips should be provided to users when the system detects impersonated users, domains, or unusual characters. Select Save.

  7. Select Mailbox intelligence and verify that it's turned on. This allows your email to be more efficient by learning usage patterns.

  8. Choose Add trusted senders and domains. Here you can add email addresses or domains that shouldn't be classified as an impersonation.

  9. Choose Review your settings, make sure everything is correct, select Save, then Close.

    Your organization now has better protection from phishing threats.
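The same settings can be applied and then verified from Exchange Online PowerShell. This is an added example, not part of the original walkthrough. It assumes the ExchangeOnlineManagement module is installed; the Quarantine action and the `partner.example` entries are placeholder choices to replace with your own.

```powershell
# Added example: sign in with an account allowed to manage anti-phishing policies.
Connect-ExchangeOnline

# Step 2: find the default policy instead of hard-coding its name.
$policy = Get-AntiPhishPolicy | Where-Object { $_.IsDefault }

# Desired state, one entry per step of the walkthrough.
# 'Quarantine' is an assumed choice; the steps leave the action up to you.
# ExcludedSenders/ExcludedDomains use constructed placeholder values, and
# assigning them this way REPLACES any entries already in the policy.
$desired = @{
    EnableOrganizationDomainsProtection = $true                        # step 4
    TargetedUserProtectionAction        = 'Quarantine'                 # step 5 (user)
    TargetedDomainProtectionAction      = 'Quarantine'                 # step 5 (domain)
    EnableSimilarUsersSafetyTips        = $true                        # step 6
    EnableSimilarDomainsSafetyTips      = $true                        # step 6
    EnableUnusualCharactersSafetyTips   = $true                        # step 6
    EnableMailboxIntelligence           = $true                        # step 7
    ExcludedSenders                     = @('billing@partner.example') # step 8
    ExcludedDomains                     = @('partner.example')         # step 8
}

Set-AntiPhishPolicy -Identity $policy.Identity @desired

# Step 9: read the policy back and report any setting that did not take effect.
$actual = Get-AntiPhishPolicy -Identity $policy.Identity
$drift = foreach ($name in $desired.Keys) {
    # Normalise scalars and lists to a sorted, comma-joined string for comparison.
    $want = (@($desired[$name]) | Sort-Object) -join ','
    $have = (@($actual.$name)   | Sort-Object) -join ','
    if ($want -ne $have) {
        [pscustomobject]@{ Setting = $name; Expected = $want; Actual = $have }
    }
}

if ($drift) {
    $drift | Format-Table -AutoSize
} else {
    'Default anti-phishing policy matches the intended settings.'
}
```

Re-running only the read-back portion later is a quick way to check that the default policy has not been changed since it was configured.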