No trusted senders in Anti-phishing policy.

Why This Matters

Trusted senders in anti-phishing policies can create security blind spots by allowing messages from specified individual senders or domains to bypass crucial phishing protections. If misconfigured or left empty when trusted senders are needed, this can lead to increased risk of successful phishing attacks that exploit these exemptions. Admins must carefully manage trusted sender lists to prevent over-reliance on a feature designed only for specific, justified exceptions.

What Aether365 Checks

Aether365 verifies that every anti-phishing policy in your Microsoft 365 environment has at least one trusted sender or domain configured. This check appears in the Aether365 dashboard under microsoft-365 checks and highlights policies that are unnecessarily restrictive or incomplete.