Exam MS-500 topic 2 question 13 discussion

Actual exam question from Microsoft's MS-500
Question #: 13
Topic #: 2

SIMULATION -
You need to protect against phishing attacks. The solution must meet the following requirements:
✑ Phishing email messages must be quarantined if the messages are sent from a spoofed domain.
✑ As many phishing email messages as possible must be identified.
The solution must apply to the current SMTP domain names and any domain names added later.
To complete this task, sign in to the Microsoft 365 admin center.

Suggested Answer: See explanation below.
1. After signing in to the Microsoft 365 admin center, select Security, Threat Management, Policy, then ATP Anti-phishing.
2. Select Default Policy to refine it.
3. In the Impersonation section, select Edit.
4. Go to Add domains to protect and select the toggle to automatically include the domains you own.
5. Go to Actions, open the drop-down If email is sent by an impersonated user, and choose the Quarantine message action.
Open the drop-down If email is sent by an impersonated domain and choose the Quarantine message action.
6. Select Turn on impersonation safety tips. Choose whether tips should be provided to users when the system detects impersonated users, domains, or unusual characters. Select Save.
7. Select Mailbox intelligence and verify that it's turned on. This allows your email to be more efficient by learning usage patterns.
8. Choose Add trusted senders and domains. Here you can add email addresses or domains that shouldn't be classified as an impersonation.
9. Choose Review your settings, make sure everything is correct, select Save, then Close.
Reference:
https://support.office.com/en-us/article/protect-against-phishing-attempts-in-microsoft-365-86c425e1-1686-430a-9151-f7176cce4f2c#ID0EAABAAA=Try_it
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide#example-anti-phishing-policy-to-protect-a-user-and-a-domain
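
The portal steps above can also be checked and applied from Exchange Online PowerShell; the script below is an added example, not part of the original answer, and it reports how the default anti-phishing policy differs from steps 4 to 7 before optionally applying them. It assumes the ExchangeOnlineManagement module, an active Connect-ExchangeOnline session, and a tenant licensed for Defender for Office 365 impersonation settings; the `-Apply` switch and the `Get-PolicyDrift` helper are hypothetical names introduced here.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module and an active
# Connect-ExchangeOnline session with rights to manage anti-phishing policies.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$policyName = 'Office365 AntiPhish Default'   # the built-in default policy

# Suggested-answer steps 4-7 expressed as Set-AntiPhishPolicy parameters.
$desired = @{
    EnableOrganizationDomainsProtection = $true         # step 4: all domains you own
    TargetedUserProtectionAction        = 'Quarantine'  # step 5: impersonated user
    TargetedDomainProtectionAction      = 'Quarantine'  # step 5: impersonated domain
    EnableSimilarUsersSafetyTips        = $true         # step 6: impersonation safety tips
    EnableSimilarDomainsSafetyTips      = $true
    EnableUnusualCharactersSafetyTips   = $true
    EnableMailboxIntelligence           = $true         # step 7
}

# Settings raised only in the comment thread; reported here, never changed.
$reportOnly = 'PhishThresholdLevel', 'EnableSpoofIntelligence',
              'AuthenticationFailAction', 'MailboxIntelligenceProtectionAction'

# Return one object per setting whose current value differs from the wanted one.
function Get-PolicyDrift {
    param($Policy, $Desired)
    foreach ($name in $Desired.Keys) {
        $actual = $Policy.$name
        if ("$actual" -ne "$($Desired[$name])") {
            [pscustomobject]@{ Setting = $name; Actual = $actual; Wanted = $Desired[$name] }
        }
    }
}

$policy = Get-AntiPhishPolicy -Identity $policyName
$drift  = @(Get-PolicyDrift -Policy $policy -Desired $desired)

$drift  | Format-Table -AutoSize              # what would change
$policy | Select-Object $reportOnly | Format-List

if ($Apply -and $drift.Count -gt 0) {
    Set-AntiPhishPolicy -Identity $policyName @desired
    # Read back to confirm the tenant accepted every value (0 = no drift left).
    $after = Get-AntiPhishPolicy -Identity $policyName
    @(Get-PolicyDrift -Policy $after -Desired $desired).Count
}
```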

Comments

Oz
Highly Voted 4 years, 8 months ago
To meet the second requirement, it is necessary in Default Antiphishing policy settings to scroll down and find Advanced settings. Edit it and set Advanced phishing threshold to "Most Aggressive" instead of "Standard"
upvoted 16 times
...
w00t
Highly Voted 4 years, 1 month ago
* Phishing email messages must be quarantined if the messages are sent from a spoofed domain.
* AS MANY phishing email messages AS POSSIBLE must be identified.
Default Policy
* Impersonation -> Edit
* Add domains to protect -> Automatically Include the Domains I own -> ON
* Actions -> If email is sent by an impersonated user: QUARANTINE
* Actions -> If email is sent by an impersonated domain: QUARANTINE
* Mailbox Intelligence -> If email is sent by an impersonated user: QUARANTINE
* Advanced Settings -> Edit
* Advanced phishing thresholds -> MOST AGGRESSIVE
upvoted 16 times
...
BigDazza_111
Most Recent 2 years, 5 months ago
Couldn't edit default phishing policy --> workaround? Go to Security admin --> policy and rules --> phishing policy --> new policy, add name/description, add users and select your own domain --> phishing email threshold ...max 4 --> enable domains to protect, select your own --> enable mailbox intelligence, enable intelligence for impersonation, enable spoof intelligence, under ACTIONS if message detected as spoof select quarantine, save policy, and then move it up as priority against other policies... would this work??
upvoted 2 times
...
Nail
3 years, 8 months ago
From the M365 admin center: Go to Security admin center > Policies & rules (under Email & collaboration) > Threat policies > Anti-phishing
upvoted 10 times
...
ThBEST
3 years, 10 months ago
I agree with Toyo on this one. Although Oz is being more cautious, the increased number of false positives is not good for production or accuracy. However, here is the new reference link as of 06/04/2021: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-mdo-anti-phishing-policies?view=o365-worldwide
upvoted 2 times
WMG
3 years, 8 months ago
The question does not state anything about production or accuracy. Just that "as many as possible be identified." This means raising the threshold to max. In reality you would then review the quarantine and see if legit emails are being caught and why. If you have a lower setting, emails go through to your users and we all know how that goes. Oz is correct, change to Most Aggressive.
upvoted 2 times
...
...
andreiiar
4 years ago
What about Spoof settings? Default here is move to junk. === Editing Spoofing filter settings Editing Actions If the person spoofing your domain isn't an allowed sender, we'll apply the action you choose here. ===
upvoted 1 times
...
DrMe
4 years, 3 months ago
Walkthrough with video... https://support.microsoft.com/en-us/office/protect-against-phishing-attempts-in-microsoft-365-86c425e1-1686-430a-9151-f7176cce4f2c Make sure you also complete Oz's recommendation to change the threshold too.
upvoted 4 times
AJ2021
4 years, 2 months ago
I agree with Toyo, leave APT as is, also left unchanged in your video link too
upvoted 2 times
...
...
Toyo1
4 years, 8 months ago
I don't think the Advanced Phishing Threshold should be raised because the question did not request the threshold be raised. Raising the threshold to "Most Aggressive" may result in a high number of false positives.
upvoted 4 times
njeske
4 years, 7 months ago
The problem states "As many phishing email messages as possible must be identified." It doesn't say anything at all about the organization's tolerance level for false positives. Therefore, I'd completely agree with Oz, and would raise the Advanced Phishing Threshold to "Most Aggressive."
upvoted 10 times
...
...