Office 365 offers a variety of protection against phishing attacks by default and also through additional offerings such as ATP anti-phishing. This topic introduces the online resources you can use to learn about and implement anti-phishing options and strategies in Office 365.
Protect your organization against phishing attacks in Office 365
As an Office 365 administrator, use these resources to learn how to use Office 365 to protect against impersonation-based phishing attacks and to help you educate your end users so that they don't fall prey to malicious phishing attacks.
Before you make any changes to your Office 365 configuration, ensure that you're up to date on the latest that Office 365 has to offer. Visit the Microsoft Safety & Security Center.
The most important thing you can do to secure your environment is to educate your users about the dangers and the warning signs of phishing attacks. To get started, familiarize your users with the information in Protect yourself from phishing schemes and other forms of online fraud.
For Office 365 organizations with Office Enterprise E5, you can use ATP anti-phishing in the Security & Compliance Center. ATP anti-phishing applies a set of machine learning models together with impersonation detection algorithms to incoming messages to provide protection for commodity and spear phishing attacks. ATP anti-phishing protects your organization according to polices that are set by your Office 365 global or security administrators. To learn more, see ATP anti-phishing capabilities in Office 365 and Set up ATP anti-phishing policies in Office 365.
For more details about how Office 365 is configured by default to protect you from phishing attacks, see How Office 365 validates the From: address to prevent phishing.
How Office 365 validates the From: address to prevent phishing
Protect yourself from phishing schemes and other forms of online fraud
Office 365 Advanced Threat Protection
ATP anti-phishing capabilities in Office 365