Ensure that an anti-phishing policy has been created
Why This Matters
Phishing attacks remain one of the most common and dangerous threats to organizations. Without an anti-phishing policy, your users are more vulnerable to impersonation and spoofing attacks that can lead to credential theft, data loss, or malware installation. Creating and configuring anti-phishing policies in Microsoft 365 ensures that safety tips are displayed to warn users about potentially harmful messages and that detection settings are optimized for your environment.
What Aether365 Checks
Aether365 verifies that at least one anti-phishing policy has been created in your Microsoft 365 tenant. This check appears in the Aether365 dashboard under microsoft-365 checks and confirms compliance with CIS Microsoft 365 Foundations Benchmark requirements.
How to Fix
Follow these steps to create an anti-phishing policy.
Using the Microsoft 365 Admin Center: