Domain Impersonation action is set to move to Quarantine.

Why This Matters

Domain impersonation attacks allow threat actors to forge emails from trusted domains, deceiving recipients and enabling phishing, data theft, or malware delivery. Without proper quarantine enforcement, these malicious messages reach user inboxes and bypass security awareness training. For IT administrators, ensuring impersonation attempts are moved to quarantine reduces organizational exposure to targeted domain spoofing campaigns.

What Aether365 Checks

Aether365 verifies that your Microsoft 365 anti-phishing policy has domain impersonation protection action set to move messages to quarantine. This check appears in your Aether365 dashboard under microsoft-365 checks and highlights policies where impersonated domain messages are not automatically quarantined.