Configure anti-phishing policies in EOP

Important

The improved Microsoft 365 security center is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Learn what's new. This topic might apply to both Microsoft Defender for Office 365 and Microsoft 365 Defender. Refer to the Applies To section and look for specific call-outs in this article where there might be differences.

Applies to

In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, there's a default anti-phishing policy that contains a limited number of anti-spoofing features that are enabled by default. For more information, see Spoof settings in anti-phishing policies.

Admins can view, edit, and configure (but not delete) the default anti-phishing policy. For greater granularity, you can also create custom anti-phishing policies that apply to specific users, groups, or domains in your organization. Custom policies always take precedence over the default policy, but you can change the priority (running order) of your custom policies.

Organizations with Exchange Online mailboxes can configure anti-phishing policies in the Security & Compliance Center or in Exchange Online PowerShell. Standalone EOP organizations can only use the Security & Compliance Center.

For information about creating and modifying the more advanced anti-phishing policies that are available in Microsoft Defender for Office 365, see Configure anti-phishing policies in Microsoft Defender for Office 365.

The basic elements of an anti-phishing policy are:

  • The anti-phish policy: Specifies the phishing protections to enable or disable, and the actions to apply.
  • The anti-phish rule: Specifies the priority and recipient filters (who the policy applies to) for an anti-phish policy.

The difference between these two elements isn't obvious when you manage anti-phishing policies in the Security & Compliance Center:

  • When you create an anti-phishing policy, you're actually creating an anti-phish rule and the associated anti-phish policy at the same time using the same name for both.
  • When you modify an anti-phishing policy, settings related to the name, priority, enabled or disabled, and recipient filters modify the anti-phish rule. All other settings modify the associated anti-phish policy.
  • When you remove an anti-phishing policy, the anti-phish rule and the associated anti-phish policy are removed.

In Exchange Online PowerShell, you manage the policy and the rule separately. For more information, see the Use Exchange Online PowerShell to configure anti-phishing policies section later in this article.

Every organization has a built-in anti-phishing policy named Office365 AntiPhish Default that has these properties:

  • The policy is applied to all recipients in the organization, even though there's no anti-phish rule (recipient filters) associated with the policy.
  • The policy has the custom priority value Lowest that you can't modify (the policy is always applied last). Any custom policies that you create always have a higher priority.
  • The policy is the default policy (the IsDefault property has the value True), and you can't delete the default policy.

To increase the effectiveness of anti-phishing protection, you can create custom anti-phishing policies with stricter settings that are applied to specific users or groups of users.

What do you need to know before you begin?

  • You open the Security & Compliance Center at https://protection.office.com/. To go directly to the Anti-phishing page, use https://protection.office.com/antiphishing.

  • To connect to Exchange Online PowerShell, see Connect to Exchange Online PowerShell.

    You can't manage anti-phishing policies in standalone EOP PowerShell.

  • You need to be assigned permissions in Exchange Online before you can do the procedures in this article:

    • To add, modify, and delete anti-phishing policies, you need to be a member of the Organization Management or Security Administrator role groups.
    • For read-only access to anti-phishing policies, you need to be a member of the Global Reader or Security Reader role groups*.

    For more information, see Permissions in Exchange Online.

    Notes:

    • Adding users to the corresponding Azure Active Directory role in the Microsoft 365 admin center gives users the required permissions and permissions for other features in Microsoft 365. For more information, see About admin roles.
    • The View-Only Organization Management role group in Exchange Online also gives read-only access to the feature*.
    • * In the Security & Compliance Center, read-only access allows users to view the settings of custom anti-phishing policies. Read-only users can't see the settings in the default anti-phishing policy.

  • To create and modify anti-phishing policies in standalone EOP, you need to do something that requires hydration for your tenant. For example, in the Exchange admin center (EAC), you can go to the Permissions tab, select an existing role group, click Edit, and remove a role (which you'll ultimately add back). If your tenant has never been hydrated, you get a dialog named Update Organization Settings with a progress bar that should complete successfully. For more information about hydration, see the Enable-OrganizationCustomization cmdlet (which isn't available in standalone EOP PowerShell or in the Security & Compliance Center).

  • For our recommended settings for anti-phishing policies, see EOP default anti-phishing policy settings.

  • Allow up to 30 minutes for the updated policy to be applied.

  • For information about where anti-phishing policies are applied in the filtering pipeline, see Order and precedence of email protection.

Use the Security & Compliance Center to create anti-phishing policies

Creating a custom anti-phishing policy in the Security & Compliance Center creates the anti-phish rule and the associated anti-phish policy at the same time using the same name for both.

When you create an anti-phishing policy, you can only specify the policy name, description, and the recipient filter that identifies who the policy applies to. After you create the policy, you can modify the policy to change or review the default anti-phishing settings.

  1. In the Security & Compliance Center, go to Threat management > Policy > Anti-phishing.

  2. On the Anti-phishing page, click Create.

  3. The Create a new anti-phishing policy wizard opens. On the Name your policy page, configure the following settings:

    • Name: Enter a unique, descriptive name for the policy.

    • Description: Enter an optional description for the policy.

    When you're finished, click Next.

  4. On the Applied to page that appears, identify the internal recipients that the policy applies to.

    You can only use a condition or exception once, but you can specify multiple values for the condition or exception. Multiple values of the same condition or exception use OR logic (for example, <recipient1> or <recipient2>). Different conditions or exceptions use AND logic (for example, <recipient1> and <member of group 1>).

    Click Add a condition. In the dropdown that appears, select a condition under Applied if:

    • The recipient is: Specifies one or more mailboxes, mail users, or mail contacts in your organization.
    • The recipient is a member of: Specifies one or more groups in your organization.
    • The recipient domain is: Specifies recipients in one or more of the configured accepted domains in your organization.

    After you select the condition, a corresponding dropdown appears with an Any of these box.

    • Click in the box and scroll through the list of values to select.
    • Click in the box and start typing to filter the list and select a value.
    • To add additional values, click in an empty area in the box.
    • To remove individual entries, click Remove on the value.
    • To remove the whole condition, click Remove on the condition.

    To add an additional condition, click Add a condition and select a remaining value under Applied if.

    To add exceptions, click Add a condition and select an exception under Except if. The settings and behavior are exactly like the conditions.

    When you're finished, click Next.

  5. On the Review your settings page that appears, review your settings. You can click Edit on each setting to modify it.

    When you're finished, click Create this policy.

  6. Click OK in the confirmation dialog that appears.

After you create the anti-phishing policy with these general policy settings, use the instructions in the next section to configure the protection settings in the policy.

Use the Security & Compliance Center to modify anti-phishing policies

Use the following procedures to modify anti-phishing policies: a new policy that you created, or existing policies that you've already customized.

  1. If you're not already there, open the Security & Compliance Center, and go to Threat management > Policy > Anti-phishing.

  2. Select the custom anti-phishing policy that you want to modify. If it's already selected, deselect it and select it again.

  3. The Edit your policy <name> flyout appears. Clicking Edit in any section gives you access to the settings in that section.

    • The following steps are presented in the order that the sections appear, but they aren't sequential (you can select and modify the sections in any order).

    • After you click Edit in a section, the available settings are presented in a wizard format, but you can jump within the pages in any order, and you can click Save on any page (or Cancel or Close) to return to the Edit your policy <name> page (you aren't required to visit the last page of the wizard to save or leave).

  4. Policy setting: Click Edit to modify the same settings that were available when you created the policy in the previous section:

    • Name
    • Description
    • Applied to
    • Review your settings

    When you're finished, click Save on any page.

  5. Spoof: Click Edit to turn spoof intelligence on or off, turn unauthenticated sender identification in Outlook on or off, and configure the action to apply to messages from blocked spoofed senders. For more information, see Spoof settings in anti-phishing policies.

    Note that these same settings are also available in anti-phishing policies in Defender for Office 365.

    • Spoofing filter settings: The default value is On, and we recommend that you leave it on. To turn it off, slide the toggle to Off. For more information, see Configure spoof intelligence in EOP.

      Note

      You don't need to disable anti-spoofing protection if your MX record doesn't point to Microsoft 365; you enable Enhanced Filtering for Connectors instead. For instructions, see Enhanced Filtering for Connectors in Exchange Online.

    • Enable Unauthenticated Sender feature: The default value is On. To turn it off, slide the toggle to Off.

    • Actions: Specify the action to take on messages that fail spoof intelligence:

      If email is sent by someone who's not allowed to spoof your domain:

      • Move message to the recipients' Junk Email folders
      • Quarantine the message

    • Review your settings: Instead of clicking on each individual step, the settings are displayed in a summary.

      • You can click Edit in each section to jump back to the relevant page.

      • You can toggle the following settings On or Off directly on this page:

        • Enable antispoofing protection
        • Enable Unauthenticated Sender feature

    When you're finished, click Save on any page.

  6. Back on the Edit your policy <Name> page, review your settings and then click Close.

Use the Security & Compliance Center to modify the default anti-phishing policy

The default anti-phishing policy is named Office365 AntiPhish Default, and it doesn't appear in the list of policies. To modify the default anti-phishing policy, do the following steps:

  1. In the Security & Compliance Center, go to Threat management > Policy > Anti-phishing.

  2. On the Anti-phishing page, click Default policy.

  3. The Edit your policy Office365 AntiPhish Default page appears. The following sections are available, and they contain the same settings as when you modify a custom policy:

    • Impersonation
    • Spoof
    • Advanced settings

    The following settings aren't available when you modify the default policy:

    • You can see the Policy setting section and values, but there's no Edit link, so you can't modify the settings (policy name, description, and who the policy applies to (it applies to all recipients)).
    • You can't delete the default policy.
    • You can't change the priority of the default policy (it's always applied last).

  4. On the Edit your policy Office365 AntiPhish Default page, review your settings and then click Close.

Enable or disable custom anti-phishing policies

  1. In the Security & Compliance Center, go to Threat management > Policy > Anti-phishing.

  2. Notice the value in the Status column:

    • Slide the toggle to Off to disable the policy.

    • Slide the toggle to On to enable the policy.

You can't disable the default anti-phishing policy.

Set the priority of custom anti-phishing policies

By default, anti-phishing policies are given a priority that's based on the order they were created in (newer policies are lower priority than older policies). A lower priority number indicates a higher priority for the policy (0 is the highest), and policies are processed in priority order (higher priority policies are processed before lower priority policies). No two policies can have the same priority, and policy processing stops after the first policy is applied.

For more information about the order of precedence and how multiple policies are evaluated and applied, see Order and precedence of email protection.

Custom anti-phishing policies are displayed in the order they're processed (the first policy has the Priority value 0). The default anti-phishing policy named Office365 AntiPhish Default has the custom priority value Lowest, and you can't change it.
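
The processing order described in this article (every configured condition must match, any one value of a condition is enough, enabled rules are tried in ascending Priority number, the first match wins, and the default policy applies last) can be modelled offline to predict which policy a recipient gets. This is an added example, not code from the original article or from Microsoft: Resolve-AntiPhishPolicy and Test-RuleCondition are hypothetical helpers, the rule objects are constructed sample data whose property names mirror the recipient filter parameters of New-AntiPhishRule, and exceptions are not modelled.

```powershell
# Added example: simplified model of anti-phish rule evaluation.
# Helper names and sample data are hypothetical and constructed.

function Test-RuleCondition {
    param([object] $Rule, [string] $Recipient, [string[]] $MemberOf)

    # A custom rule always carries at least one recipient filter.
    if (-not ($Rule.SentTo -or $Rule.SentToMemberOf -or $Rule.RecipientDomainIs)) {
        return $false
    }

    $domain = ($Recipient -split '@')[-1]

    # Different conditions are ANDed: each one that is set must match.
    # Values inside one condition are ORed: any single value is enough.
    if ($Rule.SentTo -and ($Rule.SentTo -notcontains $Recipient)) { return $false }
    if ($Rule.RecipientDomainIs -and ($Rule.RecipientDomainIs -notcontains $domain)) { return $false }
    if ($Rule.SentToMemberOf) {
        $hit = @($Rule.SentToMemberOf | Where-Object { $MemberOf -contains $_ })
        if ($hit.Count -eq 0) { return $false }
    }
    return $true
}

function Resolve-AntiPhishPolicy {
    param(
        [object[]] $Rule,
        [string]   $Recipient,
        [string[]] $MemberOf = @(),
        [string]   $DefaultPolicy = 'Office365 AntiPhish Default'
    )

    # Lower number = higher priority. Disabled rules take no part.
    $ordered = $Rule | Where-Object { $_.State -eq 'Enabled' } | Sort-Object Priority

    foreach ($r in $ordered) {
        if (Test-RuleCondition -Rule $r -Recipient $Recipient -MemberOf $MemberOf) {
            # Processing stops after the first policy is applied.
            return [pscustomobject]@{
                Recipient = $Recipient
                Policy    = $r.AntiPhishPolicy
                Rule      = $r.Name
                Priority  = $r.Priority
            }
        }
    }

    # No custom rule matched: the default policy applies to everyone, last.
    [pscustomobject]@{
        Recipient = $Recipient
        Policy    = $DefaultPolicy
        Rule      = '(none)'
        Priority  = 'Lowest'
    }
}

# Constructed sample rules (not real tenant data).
$rules = @(
    [pscustomobject]@{ Name = 'Executives'; AntiPhishPolicy = 'Executives'; Priority = 0; State = 'Enabled'
                       SentTo = @('ceo@contoso.com', 'cfo@contoso.com') }
    [pscustomobject]@{ Name = 'Research Department'; AntiPhishPolicy = 'Research Quarantine'; Priority = 1; State = 'Enabled'
                       SentToMemberOf = @('Research Department'); RecipientDomainIs = @('contoso.com') }
    [pscustomobject]@{ Name = 'Marketing Department'; AntiPhishPolicy = 'Marketing'; Priority = 2; State = 'Disabled'
                       SentToMemberOf = @('Marketing Department') }
)

$results = @(
    # Matches rules 0 and 1; rule 0 wins because it is processed first.
    Resolve-AntiPhishPolicy -Rule $rules -Recipient 'ceo@contoso.com' -MemberOf 'Research Department'
    # Group and domain conditions both match rule 1.
    Resolve-AntiPhishPolicy -Rule $rules -Recipient 'ana@contoso.com' -MemberOf 'Research Department'
    # Group matches but the domain condition does not (AND), so the default policy applies.
    Resolve-AntiPhishPolicy -Rule $rules -Recipient 'ana@fabrikam.com' -MemberOf 'Research Department'
    # The only matching rule is disabled, so the default policy applies.
    Resolve-AntiPhishPolicy -Rule $rules -Recipient 'bob@contoso.com' -MemberOf 'Marketing Department'
)
$results | Format-Table -AutoSize
```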

Note: In the Security & Compliance Center, you can only change the priority of the anti-phishing policy after you create it. In PowerShell, you can override the default priority when you create the anti-phish rule (which can affect the priority of existing rules).

To change the priority of a policy, you click Increase priority or Decrease priority in the properties of the policy (you can't directly modify the Priority number in the Security & Compliance Center). Changing the priority of a policy only makes sense if you have multiple policies.

  1. In the Security & Compliance Center, go to Threat management > Policy > ATP anti-phishing.

  2. Select the policy that you want to modify. If it's already selected, deselect it and select it again.

  3. The Edit your policy <name> flyout appears.

    • The custom anti-phishing policy with the Priority value 0 has only the Decrease priority button available.

    • The custom anti-phishing policy with the lowest Priority value (for example, 3) has only the Increase priority button available.

    • If you have three or more custom anti-phishing policies, policies between the highest and lowest priority values have both the Increase priority and Decrease priority buttons available.

  4. Click Increase priority or Decrease priority to change the Priority value.

  5. When you're finished, click Close.

Use the Security & Compliance Center to view anti-phishing policies

  1. In the Security & Compliance Center, go to Threat management > Policy > Anti-phishing.

  2. Do one of the following steps:

    • Select a custom anti-phishing policy that you want to view. If it's already selected, deselect it and select it again.

    • Click Default policy to view the default anti-phishing policy.

  3. The Edit your policy <name> flyout appears, where you can view the settings and values.

Use the Security & Compliance Center to remove anti-phishing policies

  1. In the Security & Compliance Center, go to Threat management > Policy > Anti-phishing.

  2. Select the policy that you want to remove. If it's already selected, deselect it and select it again.

  3. In the Edit your policy <name> flyout that appears, click Delete policy, and then click Yes in the warning dialog that appears.

You can't remove the default policy.

Use Exchange Online PowerShell to configure anti-phishing policies

As previously described, an anti-phishing policy consists of an anti-phish policy and an anti-phish rule.

In Exchange Online PowerShell, the difference between anti-phish policies and anti-phish rules is apparent. You manage anti-phish policies by using the *-AntiPhishPolicy cmdlets, and you manage anti-phish rules by using the *-AntiPhishRule cmdlets.

  • In PowerShell, you create the anti-phish policy first, then you create the anti-phish rule that identifies the policy that the rule applies to.
  • In PowerShell, you modify the settings in the anti-phish policy and the anti-phish rule separately.
  • When you remove an anti-phish policy from PowerShell, the corresponding anti-phish rule isn't automatically removed, and vice versa.

Note

The following PowerShell procedures aren't available in standalone EOP organizations using Exchange Online Protection PowerShell.

Use PowerShell to create anti-phishing policies

Creating an anti-phishing policy in PowerShell is a two-step process:

  1. Create the anti-phish policy.
  2. Create the anti-phish rule that specifies the anti-phish policy that the rule applies to.

Notes:

  • You can create a new anti-phish rule and assign an existing, unassociated anti-phish policy to it. An anti-phish rule can't be associated with more than one anti-phish policy.

  • You can configure the following settings on new anti-phish policies in PowerShell that aren't available in the Security & Compliance Center until after you create the policy:

    • Create the new policy as disabled (Enabled $false on the New-AntiPhishRule cmdlet).
    • Set the priority of the policy during creation (Priority <Number> on the New-AntiPhishRule cmdlet).

  • A new anti-phish policy that you create in PowerShell isn't visible in the Security & Compliance Center until you assign the policy to an anti-phish rule.
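
Because policies and rules are created and removed separately in PowerShell, a tenant can end up with a policy that no rule references (and that the Security & Compliance Center doesn't show), a rule whose policy is gone, or a rule that is disabled. The following audit is an added example, not part of the original article or Microsoft's own code: Find-AntiPhishOrphan is a hypothetical helper, the sample objects are constructed, and it assumes the AntiPhishPolicy property of a rule holds the name of its policy.

```powershell
# Added example; Find-AntiPhishOrphan is a hypothetical helper, not a Microsoft cmdlet.
function Find-AntiPhishOrphan {
    [CmdletBinding()]
    param(
        # Objects with Name and IsDefault (the shape Get-AntiPhishPolicy returns).
        [Parameter(Mandatory)] [object[]] $Policy,
        # Objects with Name, AntiPhishPolicy and State (the shape Get-AntiPhishRule returns).
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Rule
    )

    $policyNames = @($Policy | ForEach-Object { $_.Name })
    # Assumption: a rule's AntiPhishPolicy property is the policy's name.
    $linkedNames = @($Rule | ForEach-Object { $_.AntiPhishPolicy })

    foreach ($p in $Policy) {
        # The default policy never has a rule, so it is not an orphan.
        if ($p.IsDefault) { continue }
        if ($linkedNames -notcontains $p.Name) {
            [pscustomobject]@{
                Kind   = 'PolicyWithoutRule'
                Name   = $p.Name
                Detail = 'No rule references this policy; not visible in the Security & Compliance Center'
            }
        }
    }

    foreach ($r in $Rule) {
        if ($policyNames -notcontains $r.AntiPhishPolicy) {
            [pscustomobject]@{
                Kind   = 'RuleWithoutPolicy'
                Name   = $r.Name
                Detail = "References missing policy '$($r.AntiPhishPolicy)'"
            }
        }
        elseif ($r.State -eq 'Disabled') {
            [pscustomobject]@{
                Kind   = 'RuleDisabled'
                Name   = $r.Name
                Detail = "Policy '$($r.AntiPhishPolicy)' is switched off together with its rule"
            }
        }
    }
}

# Constructed sample data (not real tenant output).
$samplePolicies = @(
    [pscustomobject]@{ Name = 'Office365 AntiPhish Default'; IsDefault = $true }
    [pscustomobject]@{ Name = 'Research Quarantine';         IsDefault = $false }
    [pscustomobject]@{ Name = 'Pilot Policy';                IsDefault = $false }  # created, never given a rule
    [pscustomobject]@{ Name = 'Marketing';                   IsDefault = $false }
)
$sampleRules = @(
    [pscustomobject]@{ Name = 'Research Department';  AntiPhishPolicy = 'Research Quarantine'; State = 'Enabled' }
    [pscustomobject]@{ Name = 'Old Finance Rule';     AntiPhishPolicy = 'Finance Policy';      State = 'Enabled' }  # policy was removed
    [pscustomobject]@{ Name = 'Marketing Department'; AntiPhishPolicy = 'Marketing';           State = 'Disabled' }
)

Find-AntiPhishOrphan -Policy $samplePolicies -Rule $sampleRules | Format-Table -AutoSize

# In a connected Exchange Online PowerShell session, feed it live data instead:
# Find-AntiPhishOrphan -Policy @(Get-AntiPhishPolicy) -Rule @(Get-AntiPhishRule)
```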

Step 1: Use PowerShell to create an anti-phish policy

To create an anti-phish policy, use this syntax:

New-AntiPhishPolicy -Name "<PolicyName>" [-AdminDisplayName "<Comments>"] [-EnableSpoofIntelligence <$true | $false>] [-AuthenticationFailAction <MoveToJmf | Quarantine>] [-EnableUnauthenticatedSender <$true | $false>]

This example creates an anti-phish policy named Research Quarantine with the following settings:

  • The description is: Research department policy.
  • Changes the default action for spoofing to Quarantine.

New-AntiPhishPolicy -Name "Research Quarantine" -AdminDisplayName "Research department policy" -AuthenticationFailAction Quarantine

For detailed syntax and parameter information, see New-AntiPhishPolicy.

Step 2: Use PowerShell to create an anti-phish rule

To create an anti-phish rule, use this syntax:

New-AntiPhishRule -Name "<RuleName>" -AntiPhishPolicy "<PolicyName>" <Recipient filters> [<Recipient filter exceptions>] [-Comments "<OptionalComments>"]

This example creates an anti-phish rule named Research Department with the following conditions:

  • The rule is associated with the anti-phish policy named Research Quarantine.
  • The rule applies to members of the group named Research Department.
  • Because we aren't using the Priority parameter, the default priority is used.

New-AntiPhishRule -Name "Research Department" -AntiPhishPolicy "Research Quarantine" -SentToMemberOf "Research Department"

For detailed syntax and parameter information, see New-AntiPhishRule.

Use PowerShell to view anti-phish policies

To view existing anti-phish policies, use the following syntax:

Get-AntiPhishPolicy [-Identity "<PolicyIdentity>"] [| <Format-Table | Format-List> <Property1,Property2,...>]

This example returns a summary list of all anti-phish policies along with the specified properties.

Get-AntiPhishPolicy | Format-Table Name,IsDefault

This example returns all the property values for the anti-phish policy named Executives.

Get-AntiPhishPolicy -Identity "Executives"

For detailed syntax and parameter information, see Get-AntiPhishPolicy.

Use PowerShell to view anti-phish rules

To view existing anti-phish rules, use the following syntax:

Get-AntiPhishRule [-Identity "<RuleIdentity>"] [-State <Enabled | Disabled>] [| <Format-Table | Format-List> <Property1,Property2,...>]

This example returns a summary list of all anti-phish rules along with the specified properties.

Get-AntiPhishRule | Format-Table Name,Priority,State

To filter the list by enabled or disabled rules, run the following commands:

Get-AntiPhishRule -State Disabled | Format-Table Name,Priority
Get-AntiPhishRule -State Enabled | Format-Table Name,Priority

This example returns all the property values for the anti-phish rule named Contoso Executives.

Get-AntiPhishRule -Identity "Contoso Executives"

For detailed syntax and parameter information, see Get-AntiPhishRule.

Use PowerShell to modify anti-phish policies

Other than the following items, the same settings are available when you modify an anti-phish policy in PowerShell as when you create a policy as described in Step 1: Use PowerShell to create an anti-phish policy earlier in this article.

  • The MakeDefault switch that turns the specified policy into the default policy (applied to everyone, always Lowest priority, and you can't delete it) is only available when you modify an anti-phish policy in PowerShell.

  • You can't rename an anti-phish policy (the Set-AntiPhishPolicy cmdlet has no Name parameter). When you rename an anti-phishing policy in the Security & Compliance Center, you're only renaming the anti-phish rule.

To modify an anti-phish policy, use this syntax:

Set-AntiPhishPolicy -Identity "<PolicyName>" <Settings>

For detailed syntax and parameter information, see Set-AntiPhishPolicy.

Use PowerShell to modify anti-phish rules

The only setting that's not available when you modify an anti-phish rule in PowerShell is the Enabled parameter that allows you to create a disabled rule. To enable or disable existing anti-phish rules, see the next section.

Otherwise, the same settings are available as when you create a rule, as described in the Step 2: Use PowerShell to create an anti-phish rule section earlier in this article.

To modify an anti-phish rule, use this syntax:

Set-AntiPhishRule -Identity "<RuleName>" <Settings>

For detailed syntax and parameter information, see Set-AntiPhishRule.

使用 PowerShell 來啟用或停用反網路釣魚規則Use PowerShell to enable or disable anti-phish rules

啟用或停用 PowerShell 中的反網路釣魚規則,可啟用或停用反網路釣魚規則和指派的反網路釣魚原則) (的整個反網路釣魚原則。Enabling or disabling an anti-phish rule in PowerShell enables or disables the whole anti-phishing policy (the anti-phish rule and the assigned anti-phish policy). 您無法啟用或停用預設的反網路釣魚原則 (它永遠套用至所有收件者) 。You can't enable or disable the default anti-phishing policy (it's always applied to all recipients).

若要啟用或停用 PowerShell 中的反網路釣魚規則,請使用下列語法:To enable or disable an anti-phish rule in PowerShell, use this syntax:

<Enable-AntiPhishRule | Disable-AntiPhishRule> -Identity "<RuleName>"

本範例會停用名為「行銷部門」的反網路釣魚規則。This example disables the anti-phish rule named Marketing Department.

Disable-AntiPhishRule -Identity "Marketing Department"

This example enables the same rule.

Enable-AntiPhishRule -Identity "Marketing Department"

For detailed syntax and parameter information, see Enable-AntiPhishRule and Disable-AntiPhishRule.

Use PowerShell to set the priority of anti-phish rules

The highest priority value you can set on a rule is 0. The lowest value you can set depends on the number of rules. For example, if you have five rules, you can use the priority values 0 through 4. Changing the priority of an existing rule can have a cascading effect on other rules. For example, if you have five custom rules (priorities 0 through 4), and you change the priority of a rule to 2, the existing rule with priority 2 is changed to priority 3, and the rule with priority 3 is changed to priority 4.

To set the priority of an anti-phish rule in PowerShell, use the following syntax:

Set-AntiPhishRule -Identity "<RuleName>" -Priority <Number>

This example sets the priority of the rule named Marketing Department to 2. All existing rules that have a priority less than or equal to 2 are decreased by 1 (their priority numbers are increased by 1).

Set-AntiPhishRule -Identity "Marketing Department" -Priority 2

Notes:

  • To set the priority of a new rule when you create it, use the Priority parameter on the New-AntiPhishRule cmdlet instead.

  • The default anti-phish policy doesn't have a corresponding anti-phish rule, and it always has the unmodifiable priority value Lowest.

Use PowerShell to remove anti-phish policies

When you use PowerShell to remove an anti-phish policy, the corresponding anti-phish rule isn't removed.

To remove an anti-phish policy in PowerShell, use this syntax:

Remove-AntiPhishPolicy -Identity "<PolicyName>"

This example removes the anti-phish policy named Marketing Department.

Remove-AntiPhishPolicy -Identity "Marketing Department"

For detailed syntax and parameter information, see Remove-AntiPhishPolicy.

Use PowerShell to remove anti-phish rules

When you use PowerShell to remove an anti-phish rule, the corresponding anti-phish policy isn't removed.

To remove an anti-phish rule in PowerShell, use this syntax:

Remove-AntiPhishRule -Identity "<RuleName>"

This example removes the anti-phish rule named Marketing Department.

Remove-AntiPhishRule -Identity "Marketing Department"

For detailed syntax and parameter information, see Remove-AntiPhishRule.

How do you know these procedures worked?

To verify that you've successfully configured anti-phishing policies in Microsoft Defender for Office 365, do any of the following steps:

  • In the Security & Compliance Center, go to Threat management > Policy > Anti-phishing. Verify the list of policies, their Status values, and their Priority values. To view more details, do either of the following steps:

    • Select the policy from the list, and view the details in the flyout.
    • Click Default policy and view the details in the flyout.
  • In Exchange Online PowerShell, replace <Name> with the name of the policy or rule, run the following command, and verify the settings:

    Get-AntiPhishPolicy -Identity "<Name>"
    
    Get-AntiPhishRule -Identity "<Name>"
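
Because removing a policy leaves its rule behind, removing a rule leaves its policy behind, and disabling a rule switches off the whole policy, a cross-check of both lists catches half-finished changes. The following is an added example, not code from this article or from Microsoft: `Find-AntiPhishMismatch` is a hypothetical helper, the sample objects are constructed, and the property names `Name`, `IsDefault`, `AntiPhishPolicy`, `State`, and `Priority` are assumed to match what `Get-AntiPhishPolicy` and `Get-AntiPhishRule` return.

```powershell
# Hypothetical helper (not a Microsoft cmdlet): cross-checks policies against rules.
function Find-AntiPhishMismatch {
    param(
        [Parameter(Mandatory)] [object[]] $Policy,  # from Get-AntiPhishPolicy
        [object[]] $Rule = @()                      # from Get-AntiPhishRule (may be empty)
    )
    $Rule        = @($Rule | Where-Object { $_ })   # drop $null when no custom rules exist
    $policyNames = @($Policy | ForEach-Object { [string]$_.Name })
    $linkedNames = @($Rule   | ForEach-Object { [string]$_.AntiPhishPolicy })

    foreach ($r in ($Rule | Sort-Object Priority)) {
        # Left behind by Remove-AntiPhishPolicy: the rule names a policy that is gone.
        if ($policyNames -notcontains [string]$r.AntiPhishPolicy) {
            [pscustomobject]@{ Finding = 'RuleWithoutPolicy'; Name = $r.Name
                               Detail  = "priority $($r.Priority), references '$($r.AntiPhishPolicy)'" }
        }
        # A disabled rule disables the whole policy for the rule's recipients.
        if ([string]$r.State -eq 'Disabled') {
            [pscustomobject]@{ Finding = 'RuleDisabled'; Name = $r.Name
                               Detail  = "priority $($r.Priority), policy '$($r.AntiPhishPolicy)' not applied" }
        }
    }
    foreach ($p in $Policy) {
        # Left behind by Remove-AntiPhishRule: a custom policy that no rule applies to anyone.
        if (-not $p.IsDefault -and $linkedNames -notcontains [string]$p.Name) {
            [pscustomobject]@{ Finding = 'PolicyWithoutRule'; Name = $p.Name
                               Detail  = 'no rule assigns this policy to recipients' }
        }
    }
}

# Constructed sample data standing in for live cmdlet output.
$policies = @(
    [pscustomobject]@{ Name = 'Default';              IsDefault = $true  }
    [pscustomobject]@{ Name = 'Marketing Department'; IsDefault = $false }
    [pscustomobject]@{ Name = 'Finance';              IsDefault = $false }  # its rule was removed
)
$rules = @(
    [pscustomobject]@{ Name = 'Marketing Department'; AntiPhishPolicy = 'Marketing Department'; Priority = 0; State = 'Disabled' }
    [pscustomobject]@{ Name = 'Research';             AntiPhishPolicy = 'Research';             Priority = 1; State = 'Enabled'  }  # its policy was removed
)
Find-AntiPhishMismatch -Policy $policies -Rule $rules | Format-Table -AutoSize

# Live use in an Exchange Online PowerShell session:
# Find-AntiPhishMismatch -Policy (Get-AntiPhishPolicy) -Rule (Get-AntiPhishRule)
```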