Hello and welcome back. In this demonstration here, what I'm gonna do is show you how to create an anti-phishing policy in Microsoft Defender for Office 365. Now I'm logged into my Office 365 Security and Compliance Center at theprotection.office.com URL. And I'm logged in as a global administrator. To create policies, what I need to do is go down here under Threat Management and select Policy.

Now from this threat policies page, we can create anti-phishing policies, safe attachments, safe links. We can configure anti-spam and anti-malware. What we're gonna do in this quick demonstration here is go through and create an anti-phishing policy. So we'll go ahead and select anti-phishing. Now what we can do from here is if we select default policy, we can see the default policy that's already been applied to the organization. Notice I can't do anything with this policy in terms of decreasing or increasing its priority, nor can I delete it, what I can do however is make some changes to impersonation, to spoofing settings to my advanced settings.

So I can make some changes to the policy, but I can't increase its priority, decrease its priority or delete it. That's because it's the default policy. What we'll do here is we'll close this. And instead, what I want to do is just run through the process of creating a custom anti-phishing policy.

Now, before we get started, I just want to make sure that you understand that the anti-phishing policies, these policies are used to protect your users from impersonation and spoofing attacks. So let's go ahead and click the create button here and create our new policy. And you can see here, there's not a ton of information you have to supply, but we do need to give our policy a name. And if I click on the icon here, this gives me an explanation of some naming information. And what we'll do here is we'll call this my anti-phishing policy. And for description, I'll just call it my policy. Description's not necessary. It's not required.

We'll go ahead and click next. And then what we need to do here is define the recipients or domains in my organization that this anti-phishing policy is going to either apply to or going to exclude. So if we select the Add a Condition dropdown, we can specify when it's applied. And it's, we have a couple options here, if the recipient is, if the recipient's a member of or the recipient domain is, and then basically the same thing for exceptions.

So for this exercise, we'll specify our berksbatteries.com domain, which is the domain for this organization in Office 365 here. So we'll select the recipient domain is, and then we'll choose berksbatteries.com. So now what we're doing is we're applying this anti-phishing policy to anyone in the berksbatteries.com domain. Now we'll go ahead and click next. And what we can do here is review our settings. So we'll go ahead and create the policy. We'll okay it and now we can see the default policy is now listed.

We can also see that it's enabled. So now if I open this up and now what we can do here is edit the policy settings, impersonation settings, spoofing, and advanced settings here. We can see under policy setting, it tells us here that we are applying this if the recipient domain is berksbatteries.com. Now we can see here we're not doing any impersonation protection. So if we click edit here, we can see here that Microsoft recommends that you protect some of the high value targets, the CEO, CFO, and senior leaders.

Essentially, you want to make sure that if an email comes in, that looks like it's from one of your top users like your CFO or CEO. If it comes in as an impersonation, you want that stuff to be blocked. And that's what this does here. So we'll go ahead and cancel this. We're not gonna do any impersonation policy here. Yes and then same thing down here for spoofing. We can see spoof intelligence is on and we can also see if an email comes in as potentially spoofed, it goes into junk folders. So let's go ahead and close this out. And that is how you create an anti-phishing policy in Microsoft Defender for Office 365.