Advice through experience in Office 365, Security, and Azure
Email Phishing Protection Guide – Blog 19: Email Phishing Protection Security Checklist

The Email Phishing Protection Guide is a multi-part blog series written to walk you through the setup of many security focused features you may already own in Microsoft Windows, Microsoft Office 365, and Microsoft Azure. By implementing some or all of these items, an organization will increase their security posture against phishing email attacks designed to steal user identities. This guide is written for system administrators with skills ranging from beginner to expert.

Introduction: Email Phishing Protection Guide – Enhancing Your Organization’s Security Posture

Part 1: Customize the Office 365 Logon Portal

Part 2: Training Users with the Office 365 Attack Simulator

Part 3: Deploy Multi Factor Authentication (MFA)

Part 4: Deploy Windows Hello

Part 5: Define Country and Region Logon Restrictions for Office 365 and Azure Services

Part 6: Deploy Outlook Plug-in to Report Suspicious Emails

Part 7: Deploy ATP Anti-Phishing Policies

Part 8: Deploy ATP Safe Link Policies

Part 9: Deploy ATP Safe Attachment Policies

Part 10: Deploy and Enforce Smart Screen for Microsoft Edge, Microsoft Internet Explorer and Google Chrome

Part 11: Monitor Phishing and SPAM Attacks in Office 365

Part 12: Discover Who is Attacking Your Office 365 User Identities

Part 13: Update Your User Identity Password Strategy

Part 14: Prevent Brute Force and Spray Attacks in Office 365

Part 15: Implement the Microsoft Azure AD Password Protection Service (for On-Premises too!)

Part 16: Disable Office 365 Legacy Email Authentication Protocols

Part 17: Control Application Consent Registrations in Microsoft Office 365 and Microsoft Azure

Part 18: Increase Security with Microsoft Secure Score

Part 19: Email Phishing Protection Security Checklist

Part 20: Recommended Security and Anti-Phishing Training from Microsoft Ignite 2018

Part 19: Email Phishing Protection Security Checklist

Now that you have read about the many features in Microsoft Office 365 and Microsoft Azure that help secure your environment, it is time to implement them. So how do you do it? Which items can you implement right now for the greatest security benefit with the least impact on users? Below, I have outlined an example implementation plan based on the topics in this guide.

As you review this guide and the implementation plan below, remember that in security there is no finish line at which an environment is completely secure. This is a constantly evolving field in which attack vectors are always changing. At Microsoft, the guiding principle of our security strategy is to “assume breach”, with a team of more than 3,500 global security professionals who identify and mitigate attacks on the Microsoft cloud environment. As outlined in this guide, you can raise the security posture of your organization even higher by adjusting settings in products you may already own in the Microsoft cloud.


  • Enable Multi-Factor Authentication (MFA) for your Administrator accounts
  • Reduce the number of Administrator accounts to less than five
  • Evaluate your Microsoft Secure Score and Microsoft Identity Score to identify additional security settings to implement
  • Implement Advanced Threat Protection (ATP). Define all three policies: Anti-Phishing, Safe Links, Safe Attachments. If you do not currently own ATP, consider a 30-day trial.
  • Discover who is attacking your Office 365 User Identities
  • Review logs for Legacy Authentication activity
  • Review reports for SPAM campaigns and identify the most targeted users
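Two of the items above, reviewing logs for legacy authentication activity and identifying the most targeted users, can be scripted against exported sign-in logs. The following is an added example, not code from the original post or from Microsoft; it assumes sign-in records in the Microsoft Graph signIn JSON shape (fields userPrincipalName, clientAppUsed, status.errorCode) and works on a constructed sample rather than a real tenant export.

```python
import json
from collections import Counter

# Constructed sample in the Microsoft Graph signIn shape (not real tenant data).
SAMPLE_SIGNINS = json.dumps([
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser",
     "appDisplayName": "Office 365", "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4",
     "appDisplayName": "Office 365 Exchange Online", "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4",
     "appDisplayName": "Office 365 Exchange Online", "ipAddress": "198.51.100.8", "status": {"errorCode": 50126}},
    {"userPrincipalName": "carol@example.com", "clientAppUsed": "Authenticated SMTP",
     "appDisplayName": "Office 365 Exchange Online", "ipAddress": "198.51.100.9", "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Mobile Apps and Desktop clients",
     "appDisplayName": "Microsoft Office", "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
])

# Only these two clientAppUsed values are modern authentication. Everything else
# (IMAP4, POP3, Authenticated SMTP, Exchange ActiveSync, "Other clients", ...) is a
# legacy protocol that cannot be protected by MFA, which is why it is reviewed first.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}


def is_legacy_auth(record):
    """A record with no clientAppUsed is treated as legacy ("Other clients")."""
    return record.get("clientAppUsed", "Other clients") not in MODERN_CLIENTS


def summarize_legacy_auth(signins_json):
    """Return (legacy attempts per user, legacy attempts per protocol, failed sign-ins per user)."""
    per_user = Counter()
    per_protocol = Counter()
    failures = Counter()
    for rec in json.loads(signins_json):
        upn = rec["userPrincipalName"].lower()
        # errorCode 0 is a successful sign-in; anything else is a failure worth counting
        if rec.get("status", {}).get("errorCode", 0) != 0:
            failures[upn] += 1
        if is_legacy_auth(rec):
            per_user[upn] += 1
            per_protocol[rec.get("clientAppUsed", "Other clients")] += 1
    return per_user, per_protocol, failures


if __name__ == "__main__":
    users, protocols, failed = summarize_legacy_auth(SAMPLE_SIGNINS)
    print("Legacy authentication by protocol:", dict(protocols))
    print("Legacy authentication by user:", dict(users))
    print("Failed sign-ins by user (most targeted first):", failed.most_common())
```

Users who appear in the legacy list are the ones a Conditional Access policy blocking legacy authentication will affect, so they are the ones to contact before enforcing it.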

Two Weeks

  • Deploy the Outlook Plug-In to Report Suspicious Email
  • Block Legacy Authentication with a Conditional Access Policy
  • Turn on Password Hash Sync
  • Import Azure AD Logs into your SIEM systems

30 Days

  • Communicate to users about the new Outlook Plug-In to Report Suspicious Email
  • Begin designing a new user security training program
  • Initiate a simulated Brute Force and Password Spray attack against your own users
  • Initiate a simulated spear phishing attack
  • Modernize your password policy with Azure Active Directory Password Protection
  • Implement the Azure Geo-IP filter policy

90 Days

  • Enable user risk policy
  • Enable sign-in risk policy
  • Review application consent permissions and prevent future permissions
  • Implement Windows Hello
  • Deploy Microsoft Smart Screen
