Each domain has a Anti-phishing policy applied to it, or the default policy is being used.

Why This Matters

Anti-phishing policies are critical for protecting users against impersonation, spoofing, and credential theft. Without a dedicated anti-phishing policy applied to each domain, your organization may rely solely on default protections that lack tailored safeguards. This leaves high-risk users or sensitive domains exposed to advanced phishing attacks.

What Aether365 Checks

This check verifies that every domain in your Microsoft 365 tenant has an anti-phishing policy assigned, or that the default policy is actively in use. It appears in the Aether365 dashboard under microsoft-365 checks with a medium severity alert.