Stop Email Impersonation in Microsoft 365 - Step by Step
Dec 15, 2023 12:30 PM


by HubSite 365 about Jonathan Edwards


Shield Your Microsoft 365 From Email Impersonators with Defender!

How to Block Fake Emails Impersonating Your Staff in Microsoft 365

People who pretend to be other people. In the cyber security world, this is known as impersonation.

Fortunately, there is a setting in Microsoft 365 that you can use to reduce the risk in your business, and in this video, I am going to show you it. The setting is called impersonation protection and is included within Defender for Office 365.

If you have any video ideas, or if you'd like me to make a video on anything specific, make sure to let me know in the comments below!


To block fake emails impersonating your staff in Microsoft 365, you can use a combination of preventative measures and reactive actions.

  • Enable phishing protection: Microsoft 365 includes built-in phishing protection features that can help identify and block suspicious emails. You can enable these features in your organization's Exchange Online settings.
  • Train your staff to identify phishing attacks: Educate your employees about phishing scams and how to spot them. Provide them with regular training materials and exercises to help them stay up-to-date on the latest phishing techniques.
  • Use email authentication protocols: Enable email authentication protocols such as SPF, DKIM, and DMARC to help verify the legitimacy of incoming emails. This can help reduce the likelihood of fake emails getting through to your employees.
  • Review email sender addresses: When employees receive emails, encourage them to carefully review the sender's address. If the address looks suspicious or doesn't match the sender's usual email address, it's best not to click on any links or attachments in the email.
  • Report phishing emails: If an employee receives a suspicious email, they should report it to the IT department or security team immediately. This will help the organization identify and block the sender of the email.
  • Delete phishing emails: Employees should not open suspicious emails or click on any links or attachments in them. Doing so could expose them to malware or other harmful content.
  • Beware of social engineering tactics: Phishing emails often try to trick recipients into divulging personal information or clicking on malicious links by using social engineering tactics. Be wary of emails that ask for sensitive information or urge you to take immediate action.

By implementing these preventive and reactive measures, you can help protect your organization from fake emails impersonating your staff and reduce the risk of phishing attacks.

Understanding Impersonation Protection in Microsoft 365

In today's digital landscape, safeguards like impersonation protection in Microsoft 365 are crucial for maintaining the integrity and security of business communication. Impersonation attempts are not only a security concern but also a direct attack on the trust framework within an organization. Defender for Office 365 offers a comprehensive suite of tools to identify, prevent, and counteract these attacks. Utilizing advanced algorithms and protocols such as SPF, DKIM, and DMARC, Defender helps ensure that the emails your staff receives are authentic and unaltered. Proper staff training in recognizing and reporting phishing attempts complements the technical measures, creating a robust defense against email impersonation threats. Keeping your staff vigilant and your security systems up-to-date is key to safeguarding your organization's information and reputation.


Combatting Impersonation in Microsoft 365

A recent video guide focuses on the dangers of impersonation, where individuals pose as other employees using fake emails. This act falls under the umbrella of cybersecurity threats. To address these concerns, the video presents a solution within Microsoft 365 to safeguard businesses.

The specific feature that counters impersonation attacks is the 'impersonation protection' found in Defender for Office 365. It plays a critical role in establishing a secure email environment. The video aims to provide a clear tutorial on leveraging this setting to its full potential.

Feedback from viewers is encouraged for future content creation, highlighting the importance of user interaction. What follows is a breakdown of the video content. Key timestamps are presented to guide the viewer through the tutorial.

  • 00:00 Introduction
  • 00:45 How Impersonation Works
  • 02:29 Defender for Office 365
  • 03:18 Configuring Impersonation Protection in 365
  • 04:36 Enabling Users to Protect Themselves
  • 05:49 Enabling Domains Protection
  • 06:34 Adding Trusted Senders
  • 07:33 Advanced AI Settings

Combating fake emails in Microsoft 365 requires proactive and reactive strategies. To begin with, organisations should activate phishing protection within their Exchange Online settings. Such in-built features are pivotal in identifying suspicious emails.

Training staff is another proactive approach. Employees must be able to recognize phishing scams, which can be achieved through regular and updated training exercises. Alongside this, using email authentication protocols like SPF, DKIM, and DMARC is recommended to ensure the authenticity of emails.

Cautiously reviewing the sender's address is advised to detect discrepancies. If the address seems dubious, it is safer to avoid engaging with the content of the email. For the reactive side, it's crucial to have procedures to report phishing attempts immediately to the relevant department.

Suspicious emails should be deleted without opening any links or attachments. Awareness about social engineering and its techniques is also essential. Such awareness will prevent staff from revealing sensitive information or from being coerced into impulsive actions.

Through these measures, organizations can fortify their defenses against harmful impersonation and phishing activities, thus improving their overall security posture. The strategies shared not only reduce the incidents of impersonation but also enhance staff readiness in facing such threats.



People also ask

How do I block spam in Microsoft 365 admin center?

To block spam in the Microsoft 365 admin center, you need to configure your spam filter policies. This can involve setting up the default spam filter policy or creating custom policies tailored to your organization's needs. These policies can include setting the spam bulk email filter level, configuring the spam and phishing email actions, blocking senders or domains, and creating allow and block lists for email addresses.

What is impersonation protection in Office 365?

Impersonation protection in Office 365 is a feature designed to detect when an email sender is attempting to impersonate a user or domain within your organization. It's part of Office 365's Advanced Threat Protection (ATP) and uses machine learning and detection algorithms to analyze the sender's reputation, message patterns, and properties to block malicious impersonation attempts.

How do you manage senders for impersonation protection?

To manage senders for impersonation protection in Office 365, you must set up anti-phishing policies in the Microsoft 365 Defender portal. Here, you can define which users are protected, set up the users or domains to be reviewed for impersonation, and establish actions to be taken when an impersonation attempt is detected. You can also adjust advanced settings to determine thresholds for marking emails as phishing attempts based on likeness to the protected users or domains.
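
The same settings (protected users, protected domains, trusted senders, and the phishing threshold) can be applied from Exchange Online PowerShell instead of the portal. The script below is an added example, not taken from the video or this page; the policy name, admin account, users and domains are constructed placeholders.

```powershell
# Added example: every name, address and domain here is a constructed placeholder.
# Requires the ExchangeOnlineManagement module and Defender for Office 365.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

$policy = @{
    Name    = 'Impersonation Protection - Example'
    Enabled = $true

    # Users to protect: "DisplayName;EmailAddress" pairs for likely targets
    # (directors, finance, anyone who approves payments).
    EnableTargetedUserProtection = $true
    TargetedUsersToProtect       = @(
        'Alex Director;alex.director@contoso.example',
        'Sam Finance;sam.finance@contoso.example'
    )
    TargetedUserProtectionAction = 'Quarantine'

    # Domains to protect: all accepted domains plus named partner domains.
    EnableOrganizationDomainsProtection = $true
    EnableTargetedDomainsProtection     = $true
    TargetedDomainsToProtect            = @('partner.example')
    TargetedDomainProtectionAction      = 'Quarantine'

    # Trusted senders: these bypass impersonation checks, so keep the list short.
    ExcludedSenders = @('newsletter@vendor.example')

    # Mailbox intelligence: learns each user's normal contacts.
    EnableMailboxIntelligence           = $true
    EnableMailboxIntelligenceProtection = $true
    MailboxIntelligenceProtectionAction = 'MoveToJmf'   # Junk Email folder

    # 1 = Standard, 2 = Aggressive, 3 = More aggressive, 4 = Most aggressive.
    PhishThresholdLevel = 2

    # Safety tips shown to recipients when a lookalike is detected.
    EnableSimilarUsersSafetyTips      = $true
    EnableSimilarDomainsSafetyTips    = $true
    EnableUnusualCharactersSafetyTips = $true
}
New-AntiPhishPolicy @policy

# A policy only takes effect once a rule scopes it to recipients.
New-AntiPhishRule -Name 'Impersonation Protection - Example Rule' `
    -AntiPhishPolicy $policy.Name -RecipientDomainIs 'contoso.example' -Priority 0

# Read the settings back to confirm what was applied.
Get-AntiPhishPolicy -Identity $policy.Name |
    Format-List Name, Enabled, Enable*, Targeted*, Excluded*, PhishThresholdLevel
```

Review the quarantine for false positives after enabling this before raising `PhishThresholdLevel` further or adding entries to `ExcludedSenders`.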

How do I block external emails in Office 365?

To block external emails in Office 365, you can create a mail flow rule in the Exchange admin center. This rule can specify conditions for blocking incoming emails from outside your organization. When setting up the rule, choose to apply it to emails from 'Outside the organization' and set the action to 'Reject the message with the explanation' to provide a reason why the email was blocked to the sender.

