Anti-Phishing Mailtips Check [CHK-1058]
This check verifies whether anti-phishing Mailtips are enabled in Outlook.
Rationale
Mailtips are warning messages that alert users to potential phishing attempts in emails. They are triggered by certain characteristics, such as unfamiliar senders, similar domain names, similar usernames, and unusual characters in the email address.
Fix
An automated fix is available through Attic.
Manual steps:
- Navigate to the Defender for Office 365 portal.
- Select "Email and collaboration" from the left-hand menu.
- Select "Policies and rules" from the left-hand menu.
- Select "Threat policies".
- Select "Anti-phishing".
- Select the default policy.
- Click on "Edit protection settings".
- Under "Safety tips & indicators", enable the desired Mailtips. Available options depend on your Defender license.
- Click on "Save" to apply the changes.
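The same settings can be audited and enabled from Exchange Online PowerShell. The script below is an added example, not Attic's automated fix or code from this page; it assumes the ExchangeOnlineManagement module is installed and the account may manage anti-phishing policies, and the `-Remediate` switch is a hypothetical name chosen for this example.

```powershell
# Added example: report (and optionally enable) the safety tips on the
# default anti-phishing policy. Save as a .ps1 file and run it.
param([switch]$Remediate)   # hypothetical switch: report only unless set

Connect-ExchangeOnline -ShowBanner:$false

# Policy settings mapped to the triggers listed under Rationale.
$tips = [ordered]@{
    EnableFirstContactSafetyTips      = 'unfamiliar sender'
    EnableSimilarUsersSafetyTips      = 'similar username'
    EnableSimilarDomainsSafetyTips    = 'similar domain name'
    EnableUnusualCharactersSafetyTips = 'unusual characters'
}

$policy = Get-AntiPhishPolicy | Where-Object { $_.IsDefault }
if (-not $policy) { throw 'Default anti-phishing policy not found.' }

# Report the current state of each tip; a missing or null value counts as off.
foreach ($name in $tips.Keys) {
    [pscustomobject]@{
        Policy  = $policy.Name
        Setting = $name
        Trigger = $tips[$name]
        Enabled = ($policy.$name -eq $true)
    }
}

if ($Remediate) {
    $disabled = @($tips.Keys | Where-Object { $policy.$_ -ne $true })
    foreach ($name in $disabled) {
        # Enable one setting at a time so a setting the license does not
        # cover fails on its own instead of blocking the others.
        $change = @{ Identity = $policy.Identity; $name = $true }
        try {
            Set-AntiPhishPolicy @change -ErrorAction Stop
            Write-Host "Enabled $name"
        } catch {
            Write-Warning "Could not enable ${name}: $($_.Exception.Message)"
        }
    }
}

Disconnect-ExchangeOnline -Confirm:$false
```

The similar-user and similar-domain tips only appear on messages when impersonation protection is also turned on in the policy, so check those settings if the tips are enabled but never shown.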
Impact
Enabling Mailtips increases user awareness of potential phishing attempts, enhancing the organization's overall cybersecurity posture.
More Information
For more details, refer to the Microsoft Defender for Office 365 portal.