No trusted domains in Anti-phishing policy.

Why This Matters

Anti-phishing policies in Microsoft 365 are designed to protect users from sophisticated impersonation attacks. When no trusted domains are configured, the policy cannot differentiate between legitimate internal domains and malicious lookalikes used by attackers. This reduces the effectiveness of your anti-phishing defenses and increases the risk of successful credential theft and business email compromise.

What Aether365 Checks

Aether365 verifies that at least one trusted domain is configured in your anti-phishing policies. This check appears in the Aether365 dashboard under the microsoft-365 service category and flags policies that lack any domain trust entries.