Configure further Office 365 anti-spam options


Enable 2FA where possible


  • Enable multi-factor authentication (MFA/2FA) everywhere - you are harder to phish if it's enabled

    • Consider hardware tokens universally; if that is not possible, use hardware tokens for users who can make financial decisions.

    • Software 2FA should be configured for all users



The following links provide additional information on Office 365's extensive anti-spam configuration options:


https://protection.office.com/antispam

https://www.undocumented-features.com/2019/08/13/exchange-online-protection-eop-best-practices-and-recommendations/#Spam_filtering


https://www.undocumented-features.com/2019/08/13/exchange-online-protection-eop-best-practices-and-recommendations/#Enabling_End_User_Quarantine


https://outlook.office365.com/ecp/Antispam/EditEnduserSpamNotification.aspx




Using a transport rule to get copies of emails:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-mail-flow-rules-to-see-what-your-users-are-reporting-to-microsoft?view=o365-worldwide


Managing International Spam


In the International Spam settings, you can filter out email messages written in specific languages or sent from specific countries or regions.


https://www.undocumented-features.com/2019/08/13/exchange-online-protection-eop-best-practices-and-recommendations/#International_spam


Attachment Blocking

https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/common-attachment-blocking-scenarios



Ensuring RFC-compliant From addresses


https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-from-email-address-validation?view=o365-worldwide#examples-of-valid-and-invalid-from-addresses




Malware Detection Policy


https://www.undocumented-features.com/2019/08/13/exchange-online-protection-eop-best-practices-and-recommendations/#Anti-malware_filter_policies