Stop Phishing Emails Before They Hit Your Inbox
Cybercriminals still rely on phishing more than any other tactic to trick employees and gain access to business systems.
Hackers don’t break in. They log in using stolen credentials from phishing emails. One click on a fake invoice or login page is all it takes. If you’re running a business, especially with Microsoft 365, your inbox is the front line. This week’s tip shows how to shut that door fast.
What To Do: Harden Your Microsoft 365 Anti-Phishing Policy
Microsoft 365 has strong phishing filters, but many organizations leave them at default. That’s not enough. Here’s how to tighten protection:
- Log in to the Microsoft 365 Security Center
  Go to security.microsoft.com using an account with Security Admin or Global Admin rights.
- Open Threat Policies
  From the left menu, go to: Email & collaboration > Policies & rules > Threat policies
- Open Anti-Phishing Settings
  Under Policies, click Anti-phishing. You’ll see your existing policies or have the option to create a new one.
- Create a New Policy or Edit the Default
  - Click + Create to build a new policy
  - Or click into the Default policy to enhance it
  - Name the policy and assign it to key users or groups
- Add Targeted Users
  In the “Users to protect” section:
  - Add executives, finance, and HR users
  - These are the most commonly impersonated
- Configure Impersonation Protection
  Under “Impersonation settings”:
  - Add domains and users to watch for impersonation
  - Microsoft will flag and filter emails that look like they come from these sources
- Enable Mailbox Intelligence
  - Turn this on under Mailbox Intelligence settings
  - It helps detect unusual sender behavior based on past communication patterns
- Turn on Spoof Intelligence
  - Found under Spoof settings
  - Blocks senders who fake trusted external domains or internal addresses
- Set Action Policies
  For flagged phishing attempts:
  - Set to move to Quarantine
  - Optionally, alert admins or notify the user with a warning banner
- Review Policy Priority and Apply
  - If you have multiple policies, ensure the right priority is set
  - Click Submit to activate your changes
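If you prefer to script this rather than click through the portal, the same policy (targeted users and domains, mailbox intelligence, spoof intelligence, quarantine actions, and rule priority) can be created with the ExchangeOnlineManagement PowerShell module. This is an added example, not part of the original tip; the policy name, group address, user names and domains are placeholders to replace with your own.

```powershell
# Added example: builds the anti-phishing policy from the steps above with the
# ExchangeOnlineManagement module. The policy/rule names, the mail-enabled
# group, and the users and domains below are placeholders.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # sign in with a Security Admin or Global Admin account

$policyName     = "VIP Anti-Phishing"              # placeholder policy name
$protectedGroup = "phish-vip-users@contoso.com"    # placeholder mail-enabled group

# Users to protect: "DisplayName;email" entries for executives, finance and HR
$vipUsers = @(
    "Jane Doe;jane.doe@contoso.com",   # placeholder CEO
    "John Roe;john.roe@contoso.com"    # placeholder CFO
)
# Partner or supplier domains to watch for impersonation (your own domains are
# covered by -EnableOrganizationDomainsProtection below)
$watchedDomains = @("contoso-partner.example")     # placeholder domain

New-AntiPhishPolicy -Name $policyName `
    -AdminDisplayName "Impersonation, mailbox intelligence and spoof protection for VIPs" `
    -EnableTargetedUserProtection $true `
    -TargetedUsersToProtect $vipUsers `
    -TargetedUserProtectionAction Quarantine `
    -EnableTargetedDomainsProtection $true `
    -TargetedDomainsToProtect $watchedDomains `
    -TargetedDomainProtectionAction Quarantine `
    -EnableOrganizationDomainsProtection $true `
    -EnableMailboxIntelligence $true `
    -EnableMailboxIntelligenceProtection $true `
    -MailboxIntelligenceProtectionAction Quarantine `
    -EnableSpoofIntelligence $true `
    -AuthenticationFailAction Quarantine `
    -EnableSimilarUsersSafetyTips $true `
    -EnableSimilarDomainsSafetyTips $true `
    -EnableUnusualCharactersSafetyTips $true

# The rule scopes the policy to the VIP group; priority 0 wins over other policies
New-AntiPhishRule -Name "$policyName rule" `
    -AntiPhishPolicy $policyName `
    -SentToMemberOf $protectedGroup `
    -Priority 0

# Verify what was applied before trusting it
Get-AntiPhishPolicy -Identity $policyName |
    Format-List Name, EnableTargetedUserProtection, TargetedUsersToProtect,
        EnableMailboxIntelligenceProtection, EnableSpoofIntelligence,
        TargetedUserProtectionAction, AuthenticationFailAction
Get-AntiPhishRule -Identity "$policyName rule" | Format-List Name, Priority, SentToMemberOf
```

Run Get-AntiPhishPolicy again after any portal edits so the script and the portal stay in agreement.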
Why It Matters
- 90% of successful cyberattacks start with phishing
- Small businesses are 3x more likely to be targeted due to weaker defenses
- Microsoft’s default settings do not cover impersonation or VIP users
These settings create a second layer of defense. If attackers spoof your domain or send fake executive emails, this catches them early.
Extra Tip: Add External Email Warnings
Train users with visual cues. Add a banner to all emails from outside your organization. Example:
“CAUTION: This email originated outside the company. Do not click links or open attachments unless you recognize the sender.”
This one line trains your users without the need for constant reminders.
Action Steps
- Set a calendar reminder to review anti-phishing policies quarterly
- Train your team on how to report suspicious emails
- Pair technical controls with user awareness
Need Help Locking This Down?
SOClogix offers a full Microsoft 365 and email cyber audit. We will:
- Review your current threat protection policies
- Check for gaps in user impersonation and spoofing settings
- Assess risks across mail flow, inbox rules, and admin roles
- Give you a short, actionable report with fixes that matter
Schedule your audit. One conversation could stop the next breach.
Next Week:
We’ll show you how to block ransomware using a simple Microsoft Defender setting.