Conditional Access Policy

Cybersecurity Demystify How to Configure Conditional Access Policy in Microsoft Entra to Require Multi-Factor Authentication for Azure VM Login

How to Configure Conditional Access Policy in Microsoft Entra to Require Multi-Factor Authentication for Azure VM Login

Require Multi-Factor Authentication for Azure VM Login

Ensuring the security of your Azure Virtual Machines (VMs) is essential to protect sensitive data and infrastructure from unauthorized access. One effective way to enhance security is to enforce Multi-Factor Authentication (MFA) for all users logging into Azure VMs. This can be done through Microsoft Entra, a solution that helps businesses manage and secure their identities.

In this post, I will walk through the steps to configure a Conditional Access policy in Microsoft Entra to require MFA for logging into Azure VMs. By implementing MFA, you add an extra layer of security beyond just passwords, making it significantly harder for attackers to gain unauthorized access to your Azure environment.

What is Microsoft Entra?

Microsoft Entra is a comprehensive identity and access management (IAM) solution that provides tools to manage and secure identities, protect resources, and control access to applications and data. It includes capabilities such as Conditional Access, which allows administrators to configure policies that control access to resources based on specific conditions, such as the user’s location, device state, and more.

Why Require Multi-Factor Authentication (MFA) for Azure VM Login?

Steps to Configure Conditional Access Policy in Microsoft Entra for MFA Requirement

Let’s dive into the detailed steps to configure Conditional Access in Microsoft Entra and enforce MFA for logging into Azure VMs.

1. Log in to the Microsoft Entra Admin Center with your administrator credentials.
2. In the left navigation pane, click on Protection, then click on Conditional Access.
3. In the Conditional Access section, click on + Create new policy to create a new policy manually.
4. Give the policy a descriptive name, such as Require MFA for Azure VM Login.
5. In the Assignments section, click on Users. Select All users if you want to enforce the policy for everyone, or choose Select users and groups to apply the policy to a specific set of users (e.g., only admins or a specific group of employees).
6. Click on Exclude to exclude some users or groups based on your organization’s needs. It’s important that you don’t lock yourself out. I will exclude my account as shown below.
7. Click on Target resources and choose Select resources. Search for Azure and select Azure Linux VM Sign-in and Azure Windows VM Sign-in. Click on Select. After clicking on Select, your screen should look similar to the screenshot below.
8. Click on Network and select Yes under Configure. Select Any network or location.
9. Under the Access controls section, click on Grant. Choose the Grant access option, then select the Require multi-factor authentication checkbox. This ensures that MFA is mandatory for users to access the Azure VMs.
10. It is important to test the policy before enabling it for all users. Leave it as Report-only. Review the policy settings and make sure everything looks good. Click on the Create button.

Once the policy has been tested and is working as expected, it’s time to turn it on.

1. Click on Protection, then click on Conditional Access.
2. In the Conditional Access section, click on Policies; here you will see the list of your conditional access policies.
3. Click on the policy you want to turn on to edit it.
4. In the Enable policy section, toggle the setting to On to enable the policy.
5. Click on the Save button to save the policy.

Conclusion

Enforcing Multi-Factor Authentication (MFA) through Conditional Access policies in Microsoft Entra is an essential step in securing access to Azure Virtual Machines. By configuring a policy that requires MFA, you significantly reduce the risk of unauthorized access and bolster your security measures. With the right configurations, you can ensure that only legitimate users with verified identities can access your critical infrastructure.
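The same policy can be created from PowerShell with the Microsoft Graph SDK, which is useful when you want it reviewed and versioned like any other tenant configuration. This is an added example and not code from the original post; it assumes the Microsoft.Graph module is installed, that the two VM sign-in applications carry the display names shown in the portal's resource picker, and that admin@contoso.example is a placeholder for the account you exclude.

```powershell
# Added example: create "Require MFA for Azure VM Login" through Microsoft Graph PowerShell.
# Assumptions: Microsoft.Graph module installed; admin@contoso.example is a placeholder UPN.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Application.Read.All", "User.Read.All"

# Resolve the two VM sign-in apps by display name rather than hard-coding app IDs.
$vmAppIds = foreach ($name in "Azure Windows VM Sign-In", "Azure Linux VM Sign-In") {
    $sp = Get-MgServicePrincipal -Filter "displayName eq '$name'" | Select-Object -First 1
    if (-not $sp) { throw "Service principal '$name' not found; enable Entra login on a VM first" }
    $sp.AppId
}

# Exclude your own account so the policy cannot lock you out (placeholder UPN).
$excludedAdminId = (Get-MgUser -UserId "admin@contoso.example").Id

$policy = @{
    displayName   = "Require MFA for Azure VM Login"
    # Report-only first, as in the post; change to "enabled" after reviewing the results.
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users        = @{ includeUsers = @("All"); excludeUsers = @($excludedAdminId) }
        applications = @{ includeApplications = @($vmAppIds) }
        locations    = @{ includeLocations = @("All") }      # Any network or location
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Resolving the applications by display name keeps the script portable between tenants; if either lookup fails, Entra login has not been enabled on any VM yet and the policy would have nothing to protect, so the script stops rather than creating a policy with an empty target list.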



How to Configure Conditional Access to Block Legacy Authentication in Microsoft Entra ID

Configure Conditional Access to Block Legacy Authentication in Microsoft Entra ID

In today’s rapidly evolving cybersecurity landscape, protecting your organization’s resources is more critical than ever. Microsoft Entra ID (formerly Azure AD) offers robust tools for managing access to corporate resources and safeguarding data. One such feature is Conditional Access, which can help enforce security policies across various platforms and applications. A common security measure is blocking legacy authentication, which is vulnerable to several types of cyberattacks, including brute-force attacks.

In this blog post, I will walk you through how to configure Conditional Access to block legacy authentication in Microsoft Entra ID. This simple yet powerful step can significantly enhance the security posture of your organization.

What is Legacy Authentication?

Before diving into the configuration process, let’s understand what legacy authentication is and why it’s a potential risk. Legacy authentication refers to older authentication protocols that do not support modern security features, like Multi-Factor Authentication (MFA). These protocols include:

While these methods may still work, they lack built-in security mechanisms like MFA and Conditional Access policies. As a result, they are often exploited by attackers to gain unauthorized access to accounts.

Why Block Legacy Authentication?

Blocking legacy authentication is essential for securing your organization’s sensitive data. Some of the reasons include:

Steps to Configure Conditional Access to Block Legacy Authentication in Microsoft Entra ID

Follow these steps to configure Conditional Access and block legacy authentication in Microsoft Entra ID:

1. Log in to Microsoft Entra ID with your admin credentials.
2. Click Protection > Conditional Access on the left-hand pane, as shown below.
3. Click on Policies > + New policy from template to create a policy leveraging the Microsoft built-in template.
4. Under Secure foundation, choose Block legacy authentication. Click on Review + Create.
5. For the Policy state, select On to enable the policy.
6. Review the policy and click on the Create button.

This is a very straightforward policy. It applies to all users and excludes your admin account (the account you are currently logged in with), targets All resources (formerly ‘All cloud apps’), and blocks access for Exchange ActiveSync clients and other clients, including older Office clients and other mail protocols (POP, IMAP, SMTP, etc.).

Test the Policy

Best Practices When Blocking Legacy Authentication

Blocking legacy authentication can have a significant impact on your organization’s access patterns. Follow these best practices to ensure an easy and smooth transition:

Conclusion

Configuring Conditional Access to block legacy authentication in Microsoft Entra ID is a critical step toward enhancing your organization’s security. By taking this proactive measure, you can mitigate the risks associated with outdated and vulnerable authentication protocols. As part of a broader security strategy, blocking legacy authentication ensures your users are adopting more secure, modern authentication methods, helping protect your organization’s data from potential threats. Stay ahead of cyber threats by embracing modern security practices.
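Before the block goes live, a practitioner wants to know which accounts and mailboxes still depend on legacy protocols, because those are the users who will break. The following added example (not from the original post) uses the Microsoft Graph PowerShell SDK to inventory legacy-protocol sign-ins from the sign-in log and then creates a policy with the same settings as the template. It assumes the Microsoft.Graph module is installed, that your tenant retains at least 30 days of sign-in logs, and that you are signed in as the admin to exclude.

```powershell
# Added example: inventory legacy-protocol sign-ins, then create the block policy.
# Assumptions: Microsoft.Graph module installed; 30 days of sign-in logs retained.
Connect-MgGraph -Scopes "AuditLog.Read.All", "Directory.Read.All", "User.Read.All", "Policy.ReadWrite.ConditionalAccess"

# 1. Who still depends on legacy authentication? In the sign-in log, modern auth is
#    reported as "Browser" or "Mobile Apps and Desktop Clients"; anything else
#    (Exchange ActiveSync, IMAP4, POP3, Authenticated SMTP, "Other clients", ...) is legacy.
$since  = (Get-Date).ToUniversalTime().AddDays(-30).ToString("yyyy-MM-ddTHH:mm:ssZ")
$legacy = Get-MgAuditLogSignIn -Filter "createdDateTime ge $since" -All |
    Where-Object { $_.ClientAppUsed -notin @("Browser", "Mobile Apps and Desktop Clients") }

"Accounts and protocols that the block would affect:"
$legacy | Group-Object UserPrincipalName, ClientAppUsed |
    Sort-Object Count -Descending | Select-Object Count, Name | Format-Table -AutoSize

# 2. Same settings as the "Block legacy authentication" template: all users except the
#    admin running this script, all resources, legacy client types only, grant = block.
$meId = (Get-MgUser -UserId (Get-MgContext).Account).Id
$policy = @{
    displayName   = "Block legacy authentication"
    state         = "enabledForReportingButNotEnforced"   # report-only until the list above is empty
    conditions    = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @($meId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy | Select-Object Id, DisplayName, State
```

The policy is created in report-only state here so the inventory can be worked down first (migrating mail clients, retiring scripts that use basic auth); switch the state to "enabled" once the list is empty. Note that the template's own exclusion of the signed-in admin is deliberate: a legacy-auth block on an account with no modern-auth alternative is the classic way to lock yourself out.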



How to Disable Persistent Browser Sessions in Microsoft Entra ID: A Step-by-Step Guide

Disable Persistent Browser Sessions in Microsoft Entra ID

In today’s digital landscape, user security is a top priority for organizations. Microsoft Entra ID, formerly known as Azure Active Directory (AAD), provides a robust suite of tools to manage identity and access. One of the critical features that can enhance security is the ability to control how sessions are handled. Disabling persistent browser sessions in Microsoft Entra ID can prevent unauthorized users from maintaining logged-in states across sessions, adding an extra layer of security to your environment.

In this post, I will walk you through the process of disabling persistent browser sessions in Microsoft Entra ID, ensuring that users must re-authenticate every time they access their accounts, thereby reducing the risk of unauthorized access.

What is a Persistent Browser Session?

A persistent browser session occurs when a user logs in to an application and their session is saved across browser restarts. This means the user doesn’t have to log in again, even after closing and reopening the browser. While this is convenient for users, it can pose a significant security risk. If someone gains unauthorized access to the user’s device, they could potentially access sensitive applications without needing to authenticate again. For organizations using Microsoft Entra ID, managing persistent sessions is vital for securing user accounts, especially in environments where devices may be shared or used by multiple individuals.

Why Disable Persistent Browser Sessions?

There are several reasons why you may want to disable persistent browser sessions:

Disabling persistent sessions ensures users authenticate with each session, which helps safeguard against security threats.

Step-by-Step Guide to Disable Persistent Browser Sessions in Microsoft Entra ID

1. Log in to the Microsoft Entra Admin Center using your admin credentials.
2. Click on Protection > Conditional Access, as shown in the screenshot below.
3. Click on Policies > + New policy.
4. Give your policy a descriptive name so you can easily identify it later.
5. Under Assignments, click on Users and select All users under Include.
6. Click on Target resources and select All resources (formerly ‘All cloud apps’) under Include.
7. Click on Conditions > Client apps. Select Yes under Configure. For Modern authentication clients, check the box next to Browser to select it. Click Done.
8. Under Access controls, click on Session. Check the box next to Sign-in frequency. Set the periodic reauthentication to 1, and select Hours. Check the box next to Persistent browser session to select it. Select Never persistent. Click on Select, as shown below.
9. Review all settings to ensure they align with your organization’s security requirements.
10. Select On to enable it, and click on the Create button, as shown in the screenshot below.

The policy was created successfully, as shown in the screenshot below.

Verifying the Changes

After the policy is applied, it’s essential to verify that persistent sessions have been disabled.

1. Log in to an application integrated with Microsoft Entra ID. I will log in to Outlook for this example.
2. Close the browser and reopen it, or leave it inactive for a while.
3. Try to access the application again without logging in. If the settings are correct, the user should be prompted to authenticate again. See the screenshot below.

You can also perform tests with different user roles to ensure the policy applies correctly across all users.

Best Practices for Securing Sessions in Microsoft Entra ID

Conclusion

Disabling persistent browser sessions in Microsoft Entra ID is an effective way to improve security by ensuring users must authenticate each time they access critical resources. This action lowers the risk of unauthorized access in case of device theft or sharing, aligning with best security practices.

By following the steps outlined above, you can configure your organization’s Microsoft Entra ID environment to provide more control over user sessions. With enhanced security, you can have greater confidence that your data and applications are protected.
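The session controls configured in the steps above map onto two fields of a Conditional Access policy's sessionControls object, which is easy to see when the policy is created through the Microsoft Graph PowerShell SDK. The following is an added example, not code from the original post; it assumes the Microsoft.Graph module is installed and an admin with Conditional Access write permissions.

```powershell
# Added example: the "never persist browser session, re-authenticate hourly" policy
# expressed as a Graph object. Assumes the Microsoft.Graph module is installed.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

$policy = @{
    displayName     = "Disable persistent browser sessions"
    state           = "enabled"
    conditions      = @{
        users          = @{ includeUsers = @("All") }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("browser")          # Modern authentication clients > Browser
    }
    # No grant control is needed: a policy may carry session controls alone.
    sessionControls = @{
        signInFrequency   = @{ isEnabled = $true; value = 1; type = "hours" }   # periodic reauthentication: 1 hour
        persistentBrowser = @{ isEnabled = $true; mode = "never" }              # Never persistent
    }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back and confirm both session controls landed as intended.
$check = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
[pscustomobject]@{
    Policy            = $check.DisplayName
    State             = $check.State
    PersistentBrowser = $check.SessionControls.PersistentBrowser.Mode
    SignInFrequency   = "$($check.SessionControls.SignInFrequency.Value) $($check.SessionControls.SignInFrequency.Type)"
}
```

Reading the policy back is the scripted counterpart of the post's "verify the changes" step: the portal test (close the browser, reopen, expect a prompt) confirms user-visible behaviour, while the read-back confirms the stored configuration, and both are worth keeping in a change record.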



How to Configure a Conditional Access Policy to Block Unapproved Devices in Microsoft Entra ID

How to Configure a Conditional Access Policy to Block Unapproved Devices in Microsoft Entra ID

In an era where data security is paramount, managing access to your organization’s resources is one of the most crucial tasks an IT administrator can perform. Microsoft Entra ID (formerly Azure Active Directory) offers powerful tools to ensure that only trusted users and devices can access your critical applications and sensitive data. One such tool is Conditional Access, which allows administrators to create rules that determine how and when users can access resources based on specific conditions.

In this blog post, I will walk you through how to configure a Conditional Access Policy in Microsoft Entra ID to block unapproved devices, thereby enhancing your organization’s security posture.

Why Block Unapproved Devices in Microsoft Entra ID?

Unapproved devices can pose a significant security risk, especially when accessing corporate resources such as email, files, or applications. Blocking unapproved devices helps to mitigate risks such as:

By blocking unapproved devices using Conditional Access policies in Microsoft Entra ID, you can enforce strict security measures and ensure that only compliant devices can access your resources.

Prerequisites

Before you can configure a Conditional Access policy to block unapproved devices in Microsoft Entra ID, ensure the following:

Disable Microsoft Security Defaults

To use a Conditional Access policy, you will need to turn off Microsoft security defaults. Follow these steps to turn off Microsoft security defaults: In Microsoft Entra ID, click on Identity > Overview > Properties > Manage security defaults. Set Security defaults to Disabled (not recommended). Click the Save button.

Create a Conditional Access Policy in Microsoft Entra ID to Block Unapproved Devices

1. Sign in to the Microsoft Entra ID Admin Center with your administrative credentials.
2. From the left-hand menu, click on Protection and click on Conditional Access, as shown below.
3. Click on Policies, then + New Policy to start creating your new policy.
4. Give your policy a clear, descriptive name, such as “Block Unapproved Device type.”
5. Under Assignments, select Users to specify the users to whom the policy will apply. You can apply the policy to all users or target specific groups such as admins, contractors, or employees. For this example, I will apply the policy to all users. Under Include, select All users.
6. Click on Target resources, and under Include, select All resources (formerly ‘All cloud apps’).
7. Click on Conditions, then click Device platforms. Select Yes under Configure. Under Include, choose Select device platforms. Select the device types that are not used in your organization.
8. Click on Grant > Block access to block access to the device types specified in the previous step. Click on Select as shown below.
9. Review the policy, select On to enable the policy, and click on the Create button.

The policy was created and enabled successfully, as shown below.

Test the Policy

Before enforcing this policy across your organization, you should test it with a pilot group. This will allow you to verify that the policy is blocking unapproved devices without causing any unintended disruptions.

Monitor and Refine

Once the policy is live, regularly monitor its effectiveness through the Sign-in logs and Audit logs in the Microsoft Entra ID Admin Center. Review reports to ensure that the policy is blocking unauthorized devices and not interfering with legitimate users.

Best Practices for Managing Conditional Access Policies

Here are some best practices to consider when configuring Conditional Access policies in Microsoft Entra ID:

Conclusion

Blocking unapproved devices through a Conditional Access policy in Microsoft Entra ID is an effective way to safeguard your organization’s resources and sensitive data.

By following the steps outlined in this guide, you can implement a robust access control strategy that will ensure that only trusted devices can access your critical applications.
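The post recommends piloting the policy with a small group before applying it to everyone; scoping the policy to a pilot group and later widening it is straightforward with the Microsoft Graph PowerShell SDK. The following is an added example, not code from the original post. It assumes the Microsoft.Graph module is installed, that a pilot group named "CA Pilot Users" exists (a placeholder name), and that the platforms listed as unapproved are an assumption for illustration; substitute the ones your organization really does not use.

```powershell
# Added example: block selected device platforms for a pilot group first.
# Assumptions: Microsoft.Graph module installed; "CA Pilot Users" is a placeholder group name.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Group.Read.All"

$pilot = Get-MgGroup -Filter "displayName eq 'CA Pilot Users'" | Select-Object -First 1
if (-not $pilot) { throw "Pilot group not found; create it and add a few test users first" }

# Platform values accepted by the Graph API: android, iOS, windows, windowsPhone, macOS, linux, all.
# Which platforms count as "not used in your organization" is an assumption for this example.
$unapprovedPlatforms = @("linux", "windowsPhone")

$policy = @{
    displayName   = "Block Unapproved Device type"
    state         = "enabled"
    conditions    = @{
        users        = @{ includeGroups = @($pilot.Id) }          # pilot scope, not All users yet
        applications = @{ includeApplications = @("All") }
        platforms    = @{ includePlatforms = $unapprovedPlatforms }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# After the pilot succeeds, widen the assignment to everyone while keeping an admin
# exclusion so the policy cannot lock you out ("<admin object id>" is a placeholder).
Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{
    conditions = @{ users = @{ includeGroups = @(); includeUsers = @("All"); excludeUsers = @("<admin object id>") } }
}
```

One caveat worth carrying into the "Monitor and Refine" step: Entra identifies the device platform from the sign-in's user agent, so this condition is a coarse filter rather than a strong device identity. Treat it as one layer alongside device compliance or hybrid-join requirements, and watch the sign-in log for legitimate users whose platform was reported unexpectedly.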



How to Configure an Access Control Policy to Block Access from Unauthorized Locations for Office 365 in Entra ID

Configure an Access Control Policy to Block Access from Unauthorized Locations in Entra ID

In today’s digital age, ensuring the security of your organization’s data is paramount. One of the most effective ways to protect against unauthorized access is by setting up location-based access control policies. With Entra ID, you can easily configure these policies to block users from accessing your system from unauthorized or suspicious locations. This guide walks you through the steps of configuring and applying an access control policy in Entra ID to block access from unauthorized locations. Let’s dive in!

What is Entra ID?

Entra ID, formerly known as Azure AD, is a cloud-based identity and access management service that helps businesses manage user identities, access to applications, and security across their environment. It offers features like Conditional Access policies, multi-factor authentication, and security reports to help protect your organization’s sensitive data.

Why Block Access from Unauthorized Locations?

Blocking access based on geographic location is one of the most effective ways to mitigate risks related to unauthorized logins. Here are a few reasons why location-based access control is crucial:

Entra ID offers an easy-to-use interface to configure access control policies that restrict or allow access based on the user’s location.

Disable Microsoft security defaults in Microsoft Entra ID

To use a Conditional Access policy, you will need to turn off Microsoft security defaults. Follow these steps to turn off Microsoft security defaults: In Microsoft Entra ID, click on Identity > Overview > Properties > Manage security defaults. Select Disabled (not recommended) and click the Save button.

Create Approved Countries in Microsoft Entra ID

1. Click on Named locations on the left pane of the Conditional Access page.
2. Click on Countries location, give your new location a name, and select Determine location by IP address (IPv4 and IPv6). Search for the country or countries you want to allow and select them. I will select the United States for this example.
3. Click on the Create button, as shown below.

Create a New Conditional Access Policy to Block Unapproved Countries

1. From the Microsoft Entra ID admin center, click on Protection > Conditional Access.
2. Click on Policies > New Policy at the top of the Conditional Access page, as shown below.
3. You’ll be prompted to give your policy a name. Choose a descriptive name, such as Block Unauthorized Locations, to help you identify it later.
4. Under the Assignments section, select the users and groups to which the policy will apply. You can apply it to all users and specific groups, or select individual users based on your security needs. For this example, select All users.
5. Click on Exclude > Users and groups. Search for your username, click on it, then click on Select to exclude yourself, as shown here.
6. Click on Target resources, and select All resources (formerly ‘All cloud apps’) under Include.
7. Click on Network, click Yes under Configure, and select Any network or location under Include, as shown below. Still under Network, click Exclude > Select networks and locations. Select the approved country created earlier and click Save, as shown below.
8. Click on Conditions and select Locations. Click Yes under Configure, and select Any network or location. Click on Exclude > Selected networks and locations. Search for the approved country created earlier, click on it to select it, then click on Save to exclude the approved country (United States).
9. Still under Conditions, click on Client apps and select Yes under Configure. Select the client apps to which you want the policy to apply. For this example, I will select Browser and Mobile apps and desktop clients, as shown below. Click Done.
10. Next, we are going to make some exceptions. This is for situations like when your CEO travels outside the United States and wants to work remotely. Select Exclude filtered devices from policy and set a rule: Property > IsCompliant, Operator > Equals, Value > True. Click Done. This rule will allow access from outside the United States if the device is compliant.
11. Click on Grant > Block access > Select.

Enable the Policy

Click On, as shown below, to enable the policy. Click on the Create button. The policy was created and enabled successfully.

Test the Effectiveness of the Policy

Before rolling out the policy organization-wide, it’s always a good idea to test it with a small group of users to ensure everything is working as expected. For this example, you will need to change your location. I changed my country to Canada using a VPN. Then, I tried to log in to one of the test user accounts. The policy works as expected. Below is the message I received.

Best Practices for Configuring Location-Based Access Control in Entra ID

Conclusion

Blocking access from unauthorized locations is a proactive measure to safeguard your organization’s sensitive data and ensure only trusted users have access to critical resources. With Entra ID’s Conditional Access policies, you can easily configure location-based access controls and apply them to specific users, groups, or applications. By following this guide, you can implement a strong security layer that minimizes the risk of unauthorized access from suspicious locations.
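The two objects built in the steps above, a country named location and a block policy that excludes it plus compliant devices, can be created together with the Microsoft Graph PowerShell SDK. The following is an added example and not code from the original post; it assumes the Microsoft.Graph module is installed and that admin@contoso.example is a placeholder for the account you exclude from the policy.

```powershell
# Added example: named location for the approved country plus the block policy.
# Assumptions: Microsoft.Graph module installed; admin@contoso.example is a placeholder UPN.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "User.Read.All"

# 1. Named location "Approved Country": United States, resolved from the client IP address.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    "@odata.type"                     = "#microsoft.graph.countryNamedLocation"
    displayName                       = "Approved Country"
    countriesAndRegions               = @("US")
    includeUnknownCountriesAndRegions = $false
    countryLookupMethod               = "clientIpAddress"   # Determine location by IP address
}

# 2. Your own account, excluded so the policy cannot lock you out.
$meId = (Get-MgUser -UserId "admin@contoso.example").Id

# 3. Block all sign-ins from outside the approved country, except from compliant devices
#    (the travelling-executive exception described in the post).
$policy = @{
    displayName   = "Block Unauthorized Locations"
    state         = "enabled"
    conditions    = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @($meId) }
        applications   = @{ includeApplications = @("All") }
        locations      = @{ includeLocations = @("All"); excludeLocations = @($location.Id) }
        clientAppTypes = @("browser", "mobileAppsAndDesktopClients")
        devices        = @{ deviceFilter = @{ mode = "exclude"; rule = "device.isCompliant -eq True" } }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy | Select-Object Id, DisplayName, State
```

Two details deserve a second look before enabling. With includeUnknownCountriesAndRegions set to false, a sign-in whose IP address cannot be mapped to a country is not part of the approved location, so it falls under "Any network or location" and is blocked; set it to true only if that is what you want. And because the location is derived from the client IP address, the policy is a coarse geographic control that belongs alongside MFA and device compliance rather than in place of them.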



How to Configure a Conditional Access Policy to Enforce Multi-Factor Authentication for All Users in Microsoft Entra ID

Configure a Conditional Access Policy to Enforce Multi-Factor Authentication to Protect Office 365 in Microsoft Entra ID

In today’s digital landscape, securing access to sensitive company data is more important than ever. While usernames and passwords are still widely used, they are not enough on their own to protect accounts from cyber threats. Multi-factor authentication (MFA) provides another layer of security that can significantly lower the risk of unauthorized access. One powerful tool for enforcing MFA across an organization is Conditional Access. In this post, I will guide you through the steps to configure a Conditional Access Policy to require MFA for all users in your Microsoft 365 environment.

What is Conditional Access?

Conditional Access is a feature in Entra ID that allows administrators to control access to applications based on specific conditions. These conditions can include factors like user location, device state, or the type of app being accessed. Conditional Access can be used to enforce security policies, such as requiring Multi-Factor Authentication, to make sure that only authorized users have access to certain resources.

Why Use MFA with Conditional Access?

While passwords are still the primary method for user authentication, they are vulnerable to various types of attacks like phishing, brute force, and credential stuffing. By requiring Multi-Factor Authentication (MFA), you add an extra layer of security that makes it much harder for attackers to gain access to an account. When you configure a Conditional Access policy to require MFA, you can:

Prerequisites

Before you configure a Conditional Access policy for MFA, ensure you meet these requirements:

Disable Microsoft security defaults in Microsoft Entra ID

To use a Conditional Access policy, you will need to turn off Microsoft security defaults. Follow these steps to turn off Microsoft security defaults: In Microsoft Entra ID, click on Identity > Overview > Properties > Manage security defaults. Select Disabled (not recommended) and click the Save button.

Steps to Configure Conditional Access to Require MFA for All Users

You can access the Microsoft Entra ID admin center from Azure or from the Microsoft Office 365 admin center. To access the Microsoft Entra ID admin center from Azure, click on Microsoft Entra ID from the left-hand pane or search for Microsoft Entra ID in the search box. To access the Microsoft Entra ID admin center from the Microsoft Office 365 admin center, click on Show all, then click on Identity.

You can configure Conditional Access from the Microsoft Entra ID admin center or from the Microsoft Intune admin center. To configure Conditional Access from the Microsoft Intune admin center, click on Endpoint Security > Conditional access. To configure access control from the Microsoft Entra ID admin center, click on Protection > Conditional access.

Next, we are going to create a Conditional Access policy to require MFA for all users using the provided template.

1. Click on Create new policy from templates.
2. Select Require multifactor authentication for all users and click on the Review + Create button.
3. Update your policy name as needed. We are not ready to turn the policy on yet, so select Report Only and click on the Create button.

How to Configure Custom Conditional Access to Require Multi-Factor Authentication

1. To configure access control from the Microsoft Entra ID admin center, click on Protection > Conditional access.
2. Click on New policy. Give your policy a name.
3. Click on Users and select All users under Include, as shown below. You can select users and groups to assign the policy to groups; see the second method below.
4. Under the Assignments section, click Users and groups. Select All users to apply this policy to everyone in your organization. You will need to create the All Users group if you haven’t already. Optionally, you can exclude certain users or groups (e.g., service accounts or emergency accounts), but for enforcing MFA universally, select all users.
5. Click on Target resources and select All resources (formerly ‘All cloud apps’) under Include, as shown below.
6. Click on Grant and select Grant access. Check the box next to Require multifactor authentication and click Select, as shown below.
7. Click the Create button.

Configure Multi-factor Authentication Methods in Microsoft Entra ID

Now, let’s configure the Multi-factor Authentication methods that we want users to use to authenticate. You can enable as many MFA methods as you need. For this example, I will configure Microsoft Authenticator and Passkey (FIDO2).

How to Configure Microsoft Authenticator as an Authentication Method in Microsoft Entra ID

1. Click on Protection > Authentication methods > Policies > Microsoft Authenticator, as shown below.
2. Click on the Enable toggle to enable the policy.
3. You can choose Select groups if you want to target groups. For this example, select All users under Include.
4. You can make further changes by clicking on Configure, but leave it as default for this example.
5. Click on the Save button.

How to Configure Passkey FIDO2 as an Authentication Method in Microsoft Entra ID

1. Click on Protection > Authentication methods > Policies > Passkey (FIDO2), as shown below.
2. Click on the Enable toggle to enable the policy.
3. You can choose Select groups if you want to target groups. For this example, select All users under Include.
4. Click on Configure: Allow self-service set up > Yes, Enforce attestation > No, Enforce key restrictions > No.
5. Click on the Save button.

Now that we have our multifactor authentication methods configured, we are ready to enable the ‘Require multifactor authentication for all users’ policy created earlier. Click on Policies > Require multifactor authentication for all users. Click On and then click on the Save button.

Test the Effectiveness of the Multifactor Authentication Policy

Now that the policy is enabled, let’s test it. I will try to log in to Office 365 with one of the testing user accounts I created. The policy works as expected, with only the two multi-factor authentication methods as configured.

Conclusion

Configuring a Conditional Access policy to enforce Multi-Factor Authentication for all users is an effective way to enhance the security of your organization’s Microsoft 365 environment. By implementing MFA, you reduce the likelihood of unauthorized access, safeguard sensitive data, and ensure that your company complies with regulatory requirements. With Azure Active Directory’s Conditional Access
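The post creates the MFA policy in Report-only mode, configures authentication methods, and only then switches it on. The following added example (not code from the original post) scripts that lifecycle with the Microsoft Graph PowerShell SDK, including the step the portal walkthrough leaves implicit: reading the report-only outcomes from the sign-in log to see who would have been affected before enforcement. It assumes the Microsoft.Graph module is installed and that sign-in logs for the review window are retained in your tenant.

```powershell
# Added example: MFA-for-all policy lifecycle: report-only -> review sign-in outcomes -> enable.
# Assumptions: Microsoft.Graph module installed; sign-in logs retained for the review window.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "AuditLog.Read.All", "Directory.Read.All"
$name = "Require multifactor authentication for all users"

# 1. Create the policy in report-only mode, as the post does with the template.
$policy = @{
    displayName   = $name
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users        = @{ includeUsers = @("All") }   # add excludeUsers = @("<break-glass object id>") if you keep one
        applications = @{ includeApplications = @("All") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# 2. After the policy has run in report-only mode for a while, review what it would have done.
#    Each sign-in records the policy's outcome under appliedConditionalAccessPolicies:
#      reportOnlyInterrupted = the user would have been prompted for MFA
#      reportOnlyFailure     = conditions matched but the grant control could not be satisfied
$since = (Get-Date).ToUniversalTime().AddDays(-7).ToString("yyyy-MM-ddTHH:mm:ssZ")
$affected = Get-MgAuditLogSignIn -Filter "createdDateTime ge $since" -All | Where-Object {
    $_.AppliedConditionalAccessPolicies | Where-Object {
        $_.DisplayName -eq $name -and $_.Result -in @("reportOnlyFailure", "reportOnlyInterrupted")
    }
}
"Sign-ins the policy would have interrupted or failed in the last 7 days, by account:"
$affected | Group-Object UserPrincipalName | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# 3. Once the affected accounts have registered an MFA method, enforce the policy.
Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = "enabled" }
```

The review step is what makes report-only useful: accounts that show up with reportOnlyFailure are typically those with no MFA method registered yet, and they are the ones that will be locked out the moment the state changes to enabled, so the list doubles as the registration campaign's target list.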



How to Secure Your Organization’s Mobile App on Personal Smartphones or Bring Your Own Device (BYOD) with Microsoft Intune

Secure Your Organization’s Mobile App on Personal Smartphones (BYOD) In today’s increasingly mobile world, employees are more likely to use their personal smartphones and devices for work, using an approach known as Bring Your Own Device (BYOD). While this can boost productivity and flexibility, it also presents significant security challenges for organizations. Ensuring that your organization’s mobile apps are secure on personal smartphones is paramount. Fortunately, Microsoft Intune, a comprehensive Mobile Device Management (MDM) and Mobile Application Management (MAM) solution, offers powerful tools to protect sensitive data and maintain compliance. In this blog post, I will guide you through the steps to secure your organization’s mobile apps on personal smartphones using Microsoft Intune. Why Securing BYOD with Microsoft Intune is Essential BYOD offers several benefits, such as reducing hardware costs and improving employee satisfaction. However, it also increases the risk of data breaches, device loss, and unauthorized access. Without a clear strategy and security framework, organizations expose themselves to potential data leaks, cyberattacks, and non-compliance with industry regulations. Microsoft Intune provides a robust set of tools to manage and secure personal devices that access corporate resources. It enables IT admins to enforce security policies, monitor device compliance, and ensure that only authorized users and apps can access sensitive corporate data. Manage Data and Protect Sensitive Information To protect sensitive corporate data, organizations need to ensure that any data accessed or stored on personal devices is protected. Microsoft Intune provides several data protection capabilities to secure your organization’s mobile apps. Data Protection Strategies in Intune: Mobile Application Management (MAM): Apply MAM policies to prevent data leakage by controlling actions like copy-paste, saving documents, or forwarding emails from corporate apps. 
For example, you can stop users from copying text from a work app and pasting it into a personal app. App Wrapping: Microsoft Intune allows you to “wrap” mobile apps with a management layer that enforces security policies. This can ensure that data within the app remains encrypted and is only accessible under specified conditions. Remote Wipe Capabilities: In the event of a lost or stolen device, Intune allows IT admins to remotely wipe the organization’s data from the device without affecting the user’s personal data. This can be especially important for maintaining the integrity of sensitive information on BYOD devices. Enroll Devices into Microsoft Intune The first step in securing your organization’s mobile apps on personal smartphones is enrolling the devices into Intune. Microsoft Intune supports both iOS and Android devices, allowing users to bring their own smartphones while giving IT teams the control they need. After enrollment, ensure that the devices are compliant with your organization’s mobile security policies. Intune can check if the device is running the latest operating system, has encryption enabled, and meets other requirements. Disable Microsoft security defaults in Microsoft Entra ID To use a conditional access policy. You will need to turn off Microsoft security defaults. Follow the following steps to turn off Microsoft security defaults: In Microsoft Entra ID, click on Identity >Overview >Properties >Manage security defaults. Select Disabled (not recommended) and Click the Save button. Configure App Protection Policies Microsoft Intune offers powerful app protection policies that can be applied to your organization’s mobile apps, whether the device is personally owned or company-issued. These policies help secure apps by ensuring that sensitive data is protected, even when used on a personal device. From the Intune Admin Center, click on Apps >App protection policies >Create policy Choose the platform (iOS or Android). 
For this example, I will choose Android. Name your policy, enter a meaningful description, and click on the Next button. Click on the drop-down menu and select which apps to target the policy to, depending on which apps your organization uses. For this example, I will select Core Microsoft apps in the drop-down. Click on the blue hyperlink “View a list of apps that will be targeted” to view the list of targeted apps. Click the Next button.

On the Data Protection page, set the data protection policy based on your organization’s needs. I will set the policies as follows:

Backup org data to Android backup services > Block
Send org data to other apps > Policy managed apps
Save copies of org data > Block
Allow user to save copies to selected services > OneDrive for Business and SharePoint
Transfer telecommunication data to > Any dialer app
Transfer messaging data to > Any policy-managed messaging app
Receive data from other apps > Policy managed apps
Open data into Org documents > Block
Allow users to open data from selected services > OneDrive for Business and SharePoint
Restrict cut, copy, and paste between other apps > Policy managed apps with paste in
Cut and copy character limit for any app > 0
Screen capture and Google Assistant > Block
Encrypt org data > Require
Encrypt org data on enrolled devices > Require
Sync policy managed app data with native apps or add-ins > Block
Printing org data > Block
Restrict web content transfer with other apps > Microsoft Edge
Start Microsoft Tunnel connection on app-launch > Yes

Click on the Next button. On the Data Access requirements page, set the policy based on your organization’s needs.
I will set the policies as follows:

PIN type > Numeric
Simple PIN > Block
Select minimum PIN length > 4
Biometrics instead of PIN for access > Allow
Override biometrics with PIN after timeout > Require
Timeout (minutes of inactivity) > 30
Class 3 Biometrics (Android 9.0+) > Not required
App PIN when device PIN is set > Not required
Recheck the access requirements after (minutes of inactivity) > 30

A 4-digit numeric PIN is only acceptable because the Conditional launch page (left at its defaults here) resets the PIN after the maximum number of failed attempts, which stops it from being guessed; raise the minimum length if you relax that setting.

Click on the Next button. I will leave the Conditional launch page as default. Let’s assign the policy to a group. On the Assignments page, under Included groups, click on Add groups. Search for the group you want to include. For this example, I assigned the policy to the All users group. Select the group and click on the Next button. Review your policy and click Create.

Configure Conditional Access Policy to Enforce the App Protection Policies

Conditional Access is a feature of Microsoft Entra ID that works together with Intune and allows organizations to control who can access what resources, from which devices, and under what conditions. By setting up conditional
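The same Android app protection policy can be created without clicking through the portal. The following script is an added example and is not code from the original post; it uses the Microsoft Graph PowerShell SDK (Connect-MgGraph and Invoke-MgGraphRequest) against the v1.0 androidManagedAppProtection resource, whose property names mirror the portal settings chosen above. The policy name, the four Android package IDs and the “all licensed users” assignment target are this example’s own assumptions; settings the walkthrough left at their defaults are simply not set.

```powershell
# Added example (not from the original post): create and assign the Android app
# protection policy from the walkthrough via Microsoft Graph.
# Assumes the Microsoft.Graph module is installed and the signed-in admin has the
# DeviceManagementApps.ReadWrite.All permission. Names and package IDs are assumptions.
Connect-MgGraph -Scopes "DeviceManagementApps.ReadWrite.All" -NoWelcome

# Core Microsoft apps to target, identified by Android package ID (assumed list).
$targetedApps = @(
    "com.microsoft.office.outlook",       # Outlook
    "com.microsoft.teams",                # Teams
    "com.microsoft.skydrive",             # OneDrive
    "com.microsoft.office.officehubrow"   # Microsoft 365 (Office)
) | ForEach-Object {
    @{ mobileAppIdentifier = @{
            "@odata.type" = "#microsoft.graph.androidMobileAppIdentifier"
            packageId     = $_ } }
}

# Each property mirrors a setting from the portal walkthrough (comment = portal label).
$policy = @{
    displayName = "BYOD - Android app protection"                 # assumed name
    description = "MAM policy for core Microsoft apps on personal Android devices"
    # Data protection
    dataBackupBlocked                               = $true      # Backup org data: Block
    allowedOutboundDataTransferDestinations         = "managedApps"             # Send org data to other apps
    saveAsBlocked                                   = $true      # Save copies of org data: Block
    allowedDataStorageLocations                     = @("oneDriveForBusiness", "sharePoint")
    allowedInboundDataTransferSources               = "managedApps"             # Receive data from other apps
    allowedOutboundClipboardSharingLevel            = "managedAppsWithPasteIn"  # Restrict cut/copy/paste
    screenCaptureBlocked                            = $true      # Screen capture and Google Assistant: Block
    encryptAppData                                  = $true      # Encrypt org data: Require
    disableAppEncryptionIfDeviceEncryptionIsEnabled = $false     # ...also on enrolled (encrypted) devices
    contactSyncBlocked                              = $true      # Sync app data with native apps: Block
    printBlocked                                    = $true      # Printing org data: Block
    managedBrowserToOpenLinksRequired               = $true      # Restrict web content transfer: Edge
    managedBrowser                                  = "microsoftEdge"
    # Access requirements
    pinRequired                   = $true
    pinCharacterSet               = "numeric"      # PIN type: Numeric
    simplePinBlocked              = $true          # Simple PIN: Block
    minimumPinLength              = 4              # walkthrough value; 6 is a safer floor
    fingerprintBlocked            = $false         # Biometrics instead of PIN: Allow
    disableAppPinIfDevicePinIsSet = $true          # App PIN when device PIN is set: Not required
    periodOnlineBeforeAccessCheck = "PT30M"        # Recheck access requirements after 30 min
    # Conditional launch (portal default): reset the PIN after 5 failed attempts
    maximumPinRetries             = 5
    apps                          = $targetedApps
}

$created = Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceAppManagement/androidManagedAppProtections" `
    -Body ($policy | ConvertTo-Json -Depth 6) -ContentType "application/json"
Write-Host "Created policy $($created.displayName) with id $($created.id)"

# Assign to all licensed users, as in the walkthrough. To scope to one group instead, use
# "#microsoft.graph.groupAssignmentTarget" with a groupId property.
$assignment = @{
    assignments = @(
        @{ target = @{ "@odata.type" = "#microsoft.graph.allLicensedUsersAssignmentTarget" } }
    )
}
Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/deviceAppManagement/androidManagedAppProtections/$($created.id)/assign" `
    -Body ($assignment | ConvertTo-Json -Depth 5) -ContentType "application/json"

# Verify what was stored rather than trusting the request body.
Invoke-MgGraphRequest -Method GET `
    -Uri "https://graph.microsoft.com/v1.0/deviceAppManagement/androidManagedAppProtections/$($created.id)?`$expand=apps" |
    Select-Object displayName, pinCharacterSet, minimumPinLength, allowedOutboundDataTransferDestinations, isAssigned
```

Keeping the policy in a script like this also gives you a reviewable record of every data protection setting, which is hard to get from screenshots of the portal; the final GET is the check that the tenant actually holds the values you intended and that the assignment took effect (isAssigned).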



How to Secure Your Organization’s Email from Spam, Malware, and Phishing Attacks with Defender for Office 365: A Step-by-Step Guide

Secure Your Organization’s Email from Spam, Malware, and Phishing Attacks with Defender for Office 365

In today’s digital age, cyber threats are becoming increasingly sophisticated, and securing your Office 365 environment is more important than ever. Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection) is a security tool designed to protect your organization from phishing, malware, and other threats targeting your Office 365 environment. In this step-by-step guide, I will walk you through how to use Defender for Office 365 to secure your Office 365 accounts and data effectively.

Why Use Defender for Office 365?

Microsoft Defender for Office 365 provides robust protection against various types of cyber threats, including:

By leveraging Defender for Office 365, businesses can enhance their security posture, prevent data breaches, and maintain business continuity.

To access Microsoft Defender for Office 365 from your Microsoft 365 admin center, click on Security. Click on Threat Policies. Click on Preset Security Policies. You can turn on a preset security policy by clicking on its toggle if you want, and click the hyperlink Manage protection settings to edit it. See Microsoft Learn for the difference between Standard protection and Strict protection. To stay flexible, remain in control, and tailor the policies to your organization’s needs, we are going to configure the policies manually.

Let’s start by creating a quarantine policy. Click on Threat Policies, and under Rules, click Quarantine Policies. Click on Global settings to customize the email notifications that go out to recipients who receive a message that has been quarantined. Click on Add custom policy and give your policy a name. Click the Next button. Select the recipient message access. You have two options to choose from: Limited access or Set specific access (Advanced).
With Limited access, recipients can preview messages, request that messages be released, delete messages, and block senders, but recipients can’t release messages from quarantine themselves. Set specific access (Advanced) allows you to customize the permissions further. Select the right access for your organization based on your organization’s needs and the level of your employees’ cybersecurity awareness. For this example, I will select Set specific access (Advanced). Let’s assume that our users are cybersecurity-aware and well-trained, because people will generally do the right thing if they know what to do. In the drop-down, select Allow recipients to release a message from quarantine, and check the boxes next to the actions you want them to be able to take. Click the Next button. Check the box next to Enable to enable quarantine notifications and leave the default option on. Click the Next button. Review your policy and click the Submit button.

Next, we are going to create the threat policies that use it.

Configure Anti-Phishing Policies

Phishing attacks are among the most common threats targeting Office 365 users. Defender for Office 365’s anti-phishing policies can help prevent such attacks. Follow these steps to configure them: Click on Email & collaboration > Policies & rules > Threat policy > Anti-phishing. Click Create. Give your policy a name and click the Next button. You can list the users, groups, or your organization’s own domains that you want this policy to apply to. For this example, I will add a domain. You can also exclude users, groups, or domains by checking the box next to Exclude these users, groups, and domains. Check the box next to Enable Mailbox Intelligence (Recommended) and click the Next button.

For If the message is detected as spoof and DMARC Policy is set as p=quarantine, select Quarantine the message. For If the message is detected as spoof and DMARC Policy is set as p=reject, select Reject the message. Be aware that honoring p=reject means such messages are bounced rather than quarantined, so they will not be available for review or release.
For If the message is detected as spoof by spoof intelligence, select Quarantine the message. For Apply quarantine policy, select the custom quarantine policy created earlier. Check all the boxes under Safety tips and indicators to turn them on. Click the Next button. Review your policy and click on the Submit button. The anti-phishing policy has been successfully created.

Configure Custom Inbound Anti-Spam Policy

Click Email & collaboration > Policies & rules > Threat policy > Anti-spam. Click Create policy > Inbound. Give your policy a name and click the Next button. You can list the users, groups, or your organization’s own domains that you want this policy to apply to. For this example, I will add a domain. You can also exclude users, groups, or domains by checking the box next to Exclude these users, groups, and domains.

Set the Bulk email threshold based on your needs. The default is 7. A higher bulk email threshold means more bulk email will be delivered to recipients. The Standard preset uses 6 and the Strict preset uses 5 (see Microsoft Learn for details). You can set it to 5 or 6 at the beginning, then monitor and adjust as needed. Customize the Increase spam score properties as needed. For this example, I will turn them on. Leave everything else as default and click on the Next button.

On the Actions page, set Spam, High confidence spam, Phishing, High confidence phishing, and Bulk compliant level (BCL) met or exceeded to Quarantine message, and select the custom quarantine policy created earlier for each. Leave Intra-Organizational messages to take action on as Default. Decide how many days you want to retain spam in quarantine. For this example, I will set Retain spam in quarantine for this many days to 30 days. The default is 15. Leave everything else as default and click the Next button. On the Allow & block list page, you can allow or block senders and domains. For this example, I will leave this as default.
Review and click on the Create button. The Inbound Anti-Spam Policy was successfully created and turned on. Note: I updated the policy name to reflect inbound.

Configure Outbound Custom Anti-Spam Policy

Click Email & collaboration > Policies & rules > Threat policy > Anti-spam > Create policy > Outbound. Give your policy a name and click on the
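The quarantine policy, anti-phishing policy and inbound anti-spam policy built in the portal above can be reproduced from Exchange Online PowerShell, which is also the quickest way to audit what a tenant actually has. The script below is an added example and is not code from the original post; it assumes the ExchangeOnlineManagement module is installed, that the signed-in account holds the Security Administrator role, and that contoso.com and the policy names stand in for your own domain and names.

```powershell
# Added example (not from the original post): create the quarantine, anti-phishing
# and inbound anti-spam policies from the walkthrough with Exchange Online PowerShell.
# Assumes the ExchangeOnlineManagement module and the Security Administrator role.
Connect-ExchangeOnline

$domain         = "contoso.com"                           # assumption: your accepted domain
$quarantineName = "Custom Quarantine - Release Allowed"   # assumption: policy name

# 1. Quarantine policy: "Set specific access (Advanced)" with release allowed.
#    Release and RequestRelease are mutually exclusive; ESN = end-user quarantine notifications.
$perms = New-QuarantinePermissions -PermissionToPreview $true -PermissionToRelease $true `
    -PermissionToDelete $true -PermissionToBlockSender $true -PermissionToRequestRelease $false
New-QuarantinePolicy -Name $quarantineName -EndUserQuarantinePermissions $perms -ESNEnabled $true

# 2. Anti-phishing policy plus the rule that scopes it to the domain.
$antiPhish = @{
    Name                         = "Custom Anti-Phishing"
    Enabled                      = $true
    EnableMailboxIntelligence    = $true            # Enable Mailbox Intelligence (Recommended)
    EnableSpoofIntelligence      = $true
    HonorDmarcPolicy             = $true
    DmarcQuarantineAction        = "Quarantine"     # sender DMARC p=quarantine
    DmarcRejectAction            = "Reject"         # sender DMARC p=reject: bounced, never quarantined
    AuthenticationFailAction     = "Quarantine"     # spoof intelligence verdict
    SpoofQuarantineTag           = $quarantineName  # Apply quarantine policy
    EnableFirstContactSafetyTips = $true            # Safety tips and indicators
    EnableUnauthenticatedSender  = $true
    EnableViaTag                 = $true
}
New-AntiPhishPolicy @antiPhish
New-AntiPhishRule -Name "Custom Anti-Phishing rule" -AntiPhishPolicy $antiPhish.Name -RecipientDomainIs $domain

# 3. Inbound anti-spam (hosted content filter) policy plus its rule.
$antiSpam = @{
    Name                                 = "Custom Inbound Anti-Spam"
    BulkThreshold                        = 6              # default 7; Standard preset 6, Strict 5
    IncreaseScoreWithImageLinks          = "On"           # "Increase spam score" properties
    IncreaseScoreWithNumericIps          = "On"
    IncreaseScoreWithRedirectToOtherPort = "On"
    IncreaseScoreWithBizOrInfoUrls       = "On"
    SpamAction                           = "Quarantine"
    HighConfidenceSpamAction             = "Quarantine"
    PhishSpamAction                      = "Quarantine"
    HighConfidencePhishAction            = "Quarantine"
    BulkSpamAction                       = "Quarantine"
    SpamQuarantineTag                    = $quarantineName
    HighConfidenceSpamQuarantineTag      = $quarantineName
    PhishQuarantineTag                   = $quarantineName
    BulkQuarantineTag                    = $quarantineName
    # Walkthrough uses the custom policy everywhere; the built-in AdminOnlyAccessPolicy
    # is the safer choice for high confidence phishing, so users cannot self-release it.
    HighConfidencePhishQuarantineTag     = "AdminOnlyAccessPolicy"
    IntraOrgFilterState                  = "Default"
    QuarantineRetentionPeriod            = 30             # days; default 15, maximum 30
}
New-HostedContentFilterPolicy @antiSpam
New-HostedContentFilterRule -Name "Custom Inbound Anti-Spam rule" `
    -HostedContentFilterPolicy $antiSpam.Name -RecipientDomainIs $domain

# 4. Verify the stored settings rather than trusting the wizard summary.
Get-AntiPhishPolicy -Identity $antiPhish.Name |
    Format-List Enabled, EnableMailboxIntelligence, HonorDmarcPolicy, DmarcQuarantineAction, DmarcRejectAction, AuthenticationFailAction, SpoofQuarantineTag
Get-HostedContentFilterPolicy -Identity $antiSpam.Name |
    Format-List BulkThreshold, *SpamAction, *PhishAction, *QuarantineTag, QuarantineRetentionPeriod
```

The one deliberate departure from the portal steps is the high confidence phishing quarantine tag: the walkthrough assigns the custom, user-releasable policy to every verdict, while this example keeps the built-in AdminOnlyAccessPolicy for high confidence phishing so that a convincing message cannot simply be released by the person it was aimed at. Change it back to $quarantineName if you want the walkthrough’s behaviour exactly.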

