Configure further Office 365 anti spam options

Enable 2FA where possible

• Enable Multi-Factor or 2FA everywhere - you are harder to phish if its enabled

  • Consider hardware tokens universally, if not possible hardware for users that can make financial decisions. 

  • Software 2FA should be configured for all users

The following links provide additional information and details re Office 365’s extensive anti-spam configurations:

https://protection.office.com/antispam

https://www.undocumented-features.com/2019/08/13/exchange-online-protection-eop-best-practices-and-recommendations/#Spam_filtering

https://www.undocumented-features.com/2019/08/13/exchange-online-protection-eop-best-practices-and-recommendations/#Enabling_End_User_Quarantine

https://outlook.office365.com/ecp/Antispam/EditEnduserSpamNotification.aspx.

Using Transport Rule to get copies of emails: 

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft?view=o365-worldwide

Managing International Spam

On the International Spam settings, you can filter out email messages written in specific languages, or sent from specific countries or regions

https://www.undocumented-features.com/2019/08/13/exchange-online-protection-eop-best-practices-and-recommendations/#International_spam

Attachment Blocking

https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/common-attachment-blocking-scenarios

Ensuring RFC-compliant From addresses

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-from-email-address-validation?view=o365-worldwide#examples-of-valid-and-invalid-from-addresses

Malware Detection Policy

https://www.undocumented-features.com/2019/08/13/exchange-online-protection-eop-best-practices-and-recommendations/#Anti-malware_filter_policies