SIMULATION - You need to configure your organization to automatically quarantine all phishing email messages. To complete this task, sign in to the Microsoft 365 portal.
Suggested Answer:See explanation below.
You need to edit the Anti-Phishing policy. 1. Go to the Office 365 Microsoft 365 Compliance center. 2. Navigate to Threat Management > Policy > ATP Anti-Phishing. 3. Click on Default Policy. 4. In the Impersonation section, click Edit. 5. Go to the Actions section. 6. In the If email is sent by an impersonated user: box, select Quarantine the message from the drop-down list. 7. In the If email is sent by an impersonated domain: box, select Quarantine the message from the drop-down list. 8. Click Save to save the changes. 9. Click Close to close the anti-phishing policy window.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-anti-phishing-policies-eop?view=o365-worldwide
https://protection.office.com/antiphishing
Security & Compliance Center, Threat management > Policy > Anti-phishing.
[Default Policy]
Spoof [Edit]
- Actions
If email is sent by someone who's not allowed to spoof your domain:
Quarantine the message
Security Admin Center (security.microsoft.com) > Policies & rules > Threat policies > Anti-phishing
Edit default policy or create new policy and set 'Phishing email threshold' to '4 - Most Aggressive'. This will do as follows: "Messages that are identified as phishing with a low, medium, or high degree of confidence are treated as if they were identified with a very high degree of confidence."
> https://security.microsoft.com/antiphishing
(Security Admin Center > Policies & Rules > Threat Policies > Anti-Phishing)
> Office365 AntiPhish Default (Default)
> Edit Protection Settings & Actions as needed to quarantine messages
> Save
(If it won't let you save, you need to run the command: Enable-OrganizationCustomization)
There is also a setting in https://security.microsoft.com/antispam that could need to be changed.
> Security Admin Center > Policies & Rules > Threat Policies > Anti-Spam
> Anti-Spam inbound policy
> Phishing > change from "Move to Junk" to "Quarantine"
(High Confidence Phishing should already be set to "Quarantine")
Impersonation/spoofing do not equal phishing. This answer tells you how to change impersonation settings, not how to quarantine messages classified as phishing.
Security & Compliance Center, Threat Management > Policy > Anti-spam
Set the Actions for 'Phishing' and "High confidence phishing" to Quarantine.
This section is not available anymore. Please use the main Exam Page.MS-500 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
techstudent
Highly Voted 4 years, 7 months agoGatesBill
Most Recent 2 years, 2 months agodoody
2 years, 6 months agombecile
3 years, 5 months agombecile
3 years, 5 months agoexamTaker3
3 years, 10 months agoFluffhead
3 years, 9 months ago