
DEMO: Configure Anti-Phishing


This course shows how to set up Microsoft Defender for Microsoft 365 through a series of practical demonstrations from the Microsoft 365 platform. You will learn about some general cybersecurity practices before being shown how Microsoft Defender can help you implement them.

Learning Objectives

  • Understand how to protect against phishing, malware, and spam using Microsoft Defender
  • Learn about safe links and safe attachments and configure them
  • Learn how to enable zero-day malware protection

Intended Audience

This course is intended for those who wish to learn how to configure protection in Microsoft Defender for Office 365.


To get the most out of this course, you should have a basic understanding of Microsoft 365.


Hello and welcome back. In this demonstration here, what I'm gonna do is show you how to create an anti-phishing policy in Microsoft Defender for Office 365. Now I'm logged into my Office 365 Security and Compliance Center at the protection.office.com URL. And I'm logged in as a global administrator. To create policies, what I need to do is go down here under Threat Management and select Policy.

Now from this threat policies page, we can create anti-phishing policies, safe attachments, safe links. We can configure anti-spam and anti-malware. What we're gonna do in this quick demonstration here is go through and create an anti-phishing policy. So we'll go ahead and select anti-phishing. Now what we can do from here is if we select default policy, we can see the default policy that's already been applied to the organization. Notice I can't do anything with this policy in terms of decreasing or increasing its priority, nor can I delete it. What I can do, however, is make some changes to impersonation, to spoofing settings, to my advanced settings.

So I can make some changes to the policy, but I can't increase its priority, decrease its priority or delete it. That's because it's the default policy. What we'll do here is we'll close this. And instead, what I want to do is just run through the process of creating a custom anti-phishing policy.

Now, before we get started, I just want to make sure that you understand that the anti-phishing policies, these policies are used to protect your users from impersonation and spoofing attacks. So let's go ahead and click the create button here and create our new policy. And you can see here, there's not a ton of information you have to supply, but we do need to give our policy a name. And if I click on the icon here, this gives me an explanation of some naming information. And what we'll do here is we'll call this my anti-phishing policy. And for description, I'll just call it my policy. Description's not necessary. It's not required.

We'll go ahead and click next. And then what we need to do here is define the recipients or domains in my organization that this anti-phishing policy is going to either apply to or going to exclude. So if we select the Add a Condition dropdown, we can specify when it's applied. And it's, we have a couple options here, if the recipient is, if the recipient's a member of or the recipient domain is, and then basically the same thing for exceptions.

So for this exercise, we'll specify our berksbatteries.com domain, which is the domain for this organization in Office 365 here. So we'll select the recipient domain is, and then we'll choose berksbatteries.com. So now what we're doing is we're applying this anti-phishing policy to anyone in the berksbatteries.com domain. Now we'll go ahead and click next. And what we can do here is review our settings. So we'll go ahead and create the policy. We'll okay it and now we can see the default policy is now listed.

We can also see that it's enabled. So now if I open this up and now what we can do here is edit the policy settings, impersonation settings, spoofing, and advanced settings here. We can see under policy setting, it tells us here that we are applying this if the recipient domain is berksbatteries.com. Now we can see here we're not doing any impersonation protection. So if we click edit here, we can see here that Microsoft recommends that you protect some of the high value targets, the CEO, CFO, and senior leaders.

Essentially, you want to make sure that if an email comes in, that looks like it's from one of your top users like your CFO or CEO. If it comes in as an impersonation, you want that stuff to be blocked. And that's what this does here. So we'll go ahead and cancel this. We're not gonna do any impersonation policy here. Yes and then same thing down here for spoofing. We can see spoof intelligence is on and we can also see if an email comes in as potentially spoofed, it goes into junk folders. So let's go ahead and close this out. And that is how you create an anti-phishing policy in Microsoft Defender for Office 365.
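
The portal steps in this demonstration can also be scripted with Exchange Online PowerShell. The script below is an added example, not part of the course: it assumes the ExchangeOnlineManagement module is installed, reuses the demo's values (policy name, description, the berksbatteries.com recipient domain, spoof intelligence on with spoofed mail sent to Junk, no impersonation protection), and assumes the rule is given the same name as the policy.

```powershell
# Added example, not from the course. Requires the ExchangeOnlineManagement
# module and an account permitted to manage anti-phishing policies.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline                      # interactive sign-in

$policyName = 'my anti-phishing policy'     # policy name used in the demo
$ruleName   = $policyName                   # assumption: rule shares the policy name
$domain     = 'berksbatteries.com'          # recipient domain used in the demo

# The policy object holds the protection settings. Create it only if it is
# missing, so the script can be re-run safely.
if (-not (Get-AntiPhishPolicy | Where-Object Name -eq $policyName)) {
    New-AntiPhishPolicy -Name $policyName `
        -AdminDisplayName 'my policy' `
        -EnableSpoofIntelligence $true `
        -AuthenticationFailAction MoveToJmf `
        -EnableTargetedUserProtection $false | Out-Null
}

# The rule object holds the "applied to" condition and links it to the policy.
# A policy without a rule is not applied to anyone.
if (-not (Get-AntiPhishRule | Where-Object Name -eq $ruleName)) {
    New-AntiPhishRule -Name $ruleName `
        -AntiPhishPolicy $policyName `
        -RecipientDomainIs $domain | Out-Null
}

# Verify what was actually stored: the rule should be enabled and scoped to
# the domain; the policy should show spoof intelligence on, Junk as the
# action for spoofed mail, and impersonation protection off.
Get-AntiPhishRule -Identity $ruleName |
    Format-List Name, State, Priority, AntiPhishPolicy, RecipientDomainIs

Get-AntiPhishPolicy -Identity $policyName |
    Format-List Name, IsDefault, EnableSpoofIntelligence,
                AuthenticationFailAction, EnableTargetedUserProtection

Disconnect-ExchangeOnline -Confirm:$false
```

The verification output is worth keeping with change records: the rule's `Priority` shows where the custom policy sits relative to others, and `IsDefault` confirms the default policy was left untouched.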

About the Author
Thomas Mitchell

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.