Ensure that an anti-phishing policy has been created (Only Checks Default Policy)

Why This Matters

Phishing attacks remain one of the most common and dangerous threats to Microsoft 365 environments. Without an active anti-phishing policy, your organization has no automated defenses to detect and block malicious emails impersonating trusted senders or domains. Enforcing a default anti-phishing policy ensures baseline protection against credential theft and malware delivery.

What Aether365 Checks

This control verifies that at least one anti-phishing policy exists and is active in your Microsoft 365 tenant. Aether365 displays this check in the dashboard under the Microsoft 365 section of the CIS framework compliance monitoring.