Stop Phishing Emails With Microsoft 365


  • Microsoft Office 365 can be a good tool to stop phishing emails
  • Microsoft Office 365 offers specific anti phishing protection
  • We look at using the tools Microsoft Office 365 offers to stop phishing emails
  • This protection is not enough as phishing emails will still get through
  • A dedicated anti-phishing tool is required

Anti Phishing For Microsoft Office 365 Becoming Critical

With more businesses moving to the cloud, and Microsoft Office 365 usage growing by over 50%, stopping phishing using Microsoft 365 is becoming increasingly important.

We’ll look at ways you can use Microsoft 365 to stop phishing emails, as well as other tools that are effective in putting a stop to phishing emails.

From Spear Phishing to Whaling

It’s important to start by understanding the different types of phishing emails, such as spear phishing and social engineering. Each one is slightly different and requires a different response to effectively stop those phishing emails. The most common types of phishing email are:

  • Simple phishing
  • Sophisticated phishing
  • Spear phishing
  • Whaling

Simple phishing emails

Simple phishing emails used to be really simple: a Nigerian prince that really needed your help, or someone you know who’s stuck in Thailand with their wallet stolen. Simple phishing emails have now graduated to be slightly more advanced, and include competition wins (yes, people still click on those), mailbox full phishing emails, password expired phishing emails, and so on.

Sophisticated phishing emails

These are more complex attacks that include more well-thought-out elements than the mass-market simple phishing emails. A common example of this is the threatening email that promises that “we have video evidence of you watching pornography, send us Bitcoin or we’ll email the videos to all your contacts”. What makes phishing email that much more sophisticated is that often these phishing emails will start off by quoting your real password (which they bought online from another data breach). Other forms of more sophisticated emails include document-based phishing emails such as Google Docs, Dropbox links or Microsoft OneDrive messages, all of which look legitimate and conceal their links well.

Spear Phishing

These are targeted phishing attacks, against a specific person or group of people. Typically the attacker has done some research on LinkedIn and knows the victim’s name and email address, as well as that of a boss or colleague. They will then send a targeted phishing email appearing to be from a trustworthy source, that makes a request that’s in line with that person’s function. For example, a CFO might get an email from the CEO about a “secret project” that needs an amount of money deposited into an account “urgently”.


Finally, there’s whaling. This is when attacker go after the big guns in an organization, most commonly the CEO or Chairman of the Board. The message is usually carefully crafted and impeccably researched. Unfortunately, too many of these attacks have been successful, resulting in firings, data breaches, and all too often taking an organization to the brink of disaster.

Social Engineering

What many of these types of phishing have in common is some kind of social engineering. Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Social engineering is going to be very important as we look at using Microsoft Office 365 to protect your organization and users against phishing emails.

Anti Phishing Tools Microsoft Office 365 Provides

Within Microsoft O365, there exist tools and settings to minimize the threat of phishing that your organization faces.

Through The Microsoft Office 365 Admin Dashboard

Microsoft offers some pretty good basic anti-phishing protection through their Admin Dashboard. To get started, click “Admin centers” and then “Security & Compliance”.

In the Admin Centers, navigate to Security & Compliance

You’ll see a feature-packed dashboard that deals with everything from threat management to data security. Microsoft is constantly updating this, so it’s worth revisiting this page often.

For specific anti-phishing protection, click on Threat Management and head over to your dashboard.

The Security & Compliance dashboard

If you don’t already have one, you’ll want to create a new anti-phishing policy:

Setting up anti-phishing with Microsoft Office 365

Follow the steps to start creating some of your own rules.

Creating an anti-phishing policy

Creating an anti-spoofing policy

You’ll be able to change the settings so that phishing or spoofed emails get deleted, sent to junk, or dealt with in another way. This is the first step to stop phishing emails with Microsoft Office 365.

Microsoft Office ATP

Not to be confused with the world tennis tour, Microsoft ATP, or “advanced Threat Protection”, gives an extra layer of security when it comes to stopping fake emails. We must caution that our tests show that ATP is not an entirely effective barrier to phishing, but nonetheless it can form part of a multi-layered approach. To set up ATP, visit Microsoft’s ATP documentation center.

Using Microsoft Outlook To Stop Phishing Emails

Microsoft Outlook itself has some built-in tools that can help stop phishing emails. From your administrator account, click “File” and then “Rules and Alerts”. Here you can set up your own alerts and rules that give you some degree of control over your emails. This feature lets you, for example, move any emails with a certain word in the subject to a specific folder. So if you’re getting constant phishing emails with the subject line “You’ve Won an iPhone!”, you can automatically move it to junk.

Managing rules and alerts in Microsoft Outlook

Similarly, you can set up alerts in those cases to keep you abreast of any mass emails or potential attacks.

Creating a rule through Microsoft Outlook

Junk Emails

While many people think of the Junk folder as the last stop for any bad emails, it’s actually an extremely powerful tool if used correctly. Through “Junk”, you can set up rules such as blocked senders or safe senders, and take at least some control when it comes to what gets delivered to your – and your users’ – inbox.

Using junk options

Using Junk folder options to create rules

There are plenty of other tools and tips for using Microsoft Office 365 to stop phishing emails, such as policies that label external emails and others, but we’ll leave those for another post.

More Advanced Anti-Phishing Tools

Then there are specific anti-phishing tools that are built to protect your users. While very powerful, most of these tools have a few big drawbacks. They are:

  • Expensive
  • Difficult to set up
  • Require changing settings, MX records, etc.
  • Time consuming to manage
  • Effective against spam, but not so effective against phishing

Some solutions however are purposely designed to answer business needs and are not weighed down by these disadvantages. We’ll toot our own horn here and point out that the Retruster anti-phishing solution  is:

  • A Microsoft-approved add-in to Microsoft Office 365
  • Can be set up in a few clicks
  • Requires no settings changes
  • Can be set to run on “autopilot” in background
  • Offers great value
  • Is effective at stopping phishing emails

Of course we recommend checking what’s out there to find the best fit for your organization. To see what Retruster has to offer, schedule a demo at your convenience here.

Empowering Users

As experts when it comes to stopping phishing emails, we can say unequivocally that whichever solution you choose, it will have to involve some kind of education for your users. At the end of the day, they are the ones “at the coalface” being sent phishing emails every day, and they have to be educated and empowered to deal with the threat of phishing emails.

This is also something that is built into the Retruster solution, where your users can see when an email is suspicious without having to open a ticket or click on the wrong link.

Retruster anti-phishing platform

What end-users see when using Retruster

Stop Phishing With Microsoft Office 365

In conclusion, Microsoft Office 365 offers some powerful features to stop phishing emails. Unfortunately, these are not enough to stop the types of phishing emails that your organization invariably receives, and some combination of Microsoft O365 solutions and a purpose-built anti-phishing tool is the best way to protect yourself, your users, and your organization.