How to Tune Anti-Spam and Anti-Phishing Policies in Microsoft 365

Description

CloudFilter handles the filtering of email messages sent to and from the Microsoft 365 tenant. While CloudFilter performs most of the filtering work, Microsoft 365 still plays a key role—it's responsible for the final delivery of incoming messages to mailboxes and is the starting point for sending outgoing messages. As a result, the configuration settings within Microsoft 365 can have a significant impact on email deliverability. For tenants experiencing a high number of quarantined messages within the Microsoft 365 tenant, it's recommended to fine-tune the anti-spam and anti-phishing policies within Microsoft 365.

How to Modify Anti-Spam and Anti-Phishing Policies in Microsoft 365

Sign in to Microsoft 365 Defender

Go to: https://security.microsoft.com

Use an account with Security Administrator or Global Administrator rights.

Modify Anti-Spam Policies

1. Navigate to Anti-Spam Policies

   • From the left-hand menu:
     Email & collaboration → Policies & rules → Threat policies

   • Under Policies, click Anti-spam policies.

2. Edit or Create a Policy

   • Click on the default policy (Microsoft-managed) to view its settings, or

   • Click + Create policy to make a custom one (inbound or outbound).

3. Configure Key Settings

   • Spam filtering settings – Set thresholds for spam, high confidence spam, bulk email, etc.

   • Actions – Choose what to do with spam (move to junk, quarantine, delete).

   • Recipient filters – Specify who the policy applies to (users, groups, domains).

   • Advanced options – Enable protections like SPF/DKIM/DMARC enforcement and NDR handling.

4. Save Your Changes

Modify Anti-Phishing Policies

1. Navigate to Anti-Phishing Policies

   • Still in Threat policies, click Anti-phishing policies.

2. Edit or Create a Policy

   • You’ll see the Default policy (read-only).

   • Click + Create policy or select an existing custom policy to edit.

3. Configure Key Settings

   • User impersonation protection – Add executives or VIP users to protect from spoofing.

   • Domain impersonation protection – Add internal and trusted domains.

   • Mailbox intelligence – Uses behavioral patterns to detect anomalies.

   • Actions – Decide how to handle phishing attempts (quarantine, junk, etc.).

   • Apply to – Choose users, groups, or domains this policy will affect.

4. Save and Apply the Policy

Additional guidance is provided by Microsoft: anti-spam | anti-phishing.

Getting Help

To receive consultation about applying anti-spam and anti-phishing policies in your Microsoft 365 tenant, please contact the Partner Success team. 

Updated May 15, 2025 19:40