Domain impersonation attacks are on the rise, and they let cybercriminals trick employees with emails that look like they come from trusted sources. If you use Microsoft 365, enabling impersonated domain protection is a vital step to securing your company’s communications. This guide walks you through the process clearly, even if you’re not an IT expert.
What Is Impersonated Domain Protection?
Impersonated domain protection helps prevent attackers from sending emails that appear to come from your organization’s trusted domains. This feature is part of the anti-phishing tools included in Microsoft 365 Defender, helping safeguard your business against increasingly sophisticated threats. When set up correctly, it can help keep phishing attempts out of your inbox and protect your company’s reputation.
Step-by-Step: Enable Impersonated Domain Protection in Microsoft 365
Step 1: Sign in to Microsoft 365 Defender
Start by visiting the Microsoft 365 Defender portal. Sign in with an administrator account that has the necessary permissions to manage security policies.
Step 2: Navigate to Threat Policies
In the left-hand menu, click on Email & collaboration. Under the Policies & rules section, select Threat policies.
Step 3: Access Anti-Phishing Policies
Click Anti-phishing. Here, you’ll see a list of existing policies. Either click on an existing policy or choose Create to start a new one tailored to your needs.
Step 4: Configure Impersonation Protection
Within the policy settings, find the Impersonation protection section and make sure that Enable impersonation protection is checked. Now you can begin adding the domains you want to shield:
- Click Add under the Impersonated domain section.
- Type in your organization’s domain (like yourcompany.ca) and any trusted domains you want to protect.
- Once you’ve entered all relevant domains, click Save.
You can also decide what happens to detected impersonated messages. For example, you might want suspicious emails sent straight to Junk or even Quarantine for review. Choose the action that best matches your company policy.
Step 5: Review and Save the Policy
Before applying changes, double-check all your settings. Confirm that you’ve added the necessary domains and chosen the right actions. When you’re ready, click Save to activate impersonation protection.
Step 6: Monitor Policy Effectiveness
After setup, monitoring is key. Go back to the Microsoft 365 Defender portal and use the Reports section under Email & collaboration to view statistics on impersonation attempts and blocked threats.
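The settings from Steps 3 to 5 can also be audited and applied from Exchange Online PowerShell. The script below is an added example, not part of the original guide; the policy name, the domain yourcompany.ca (taken from Step 4) and the Quarantine action are placeholder assumptions to replace with your own values.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is installed and
# that you sign in with an account allowed to manage anti-phishing policies.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Placeholders (assumptions): adjust to your tenant.
$PolicyName     = 'Office365 AntiPhish Default'   # policy to check and update
$DomainsToGuard = @('yourcompany.ca')             # domains entered in Step 4
$Action         = 'Quarantine'                    # use 'MoveToJmf' for Junk

# 1. Audit: how does each anti-phishing policy treat domain impersonation today?
Get-AntiPhishPolicy |
    Select-Object Name, IsDefault, Enabled,
        EnableTargetedDomainsProtection,
        EnableOrganizationDomainsProtection,
        TargetedDomainProtectionAction,
        @{ n = 'ProtectedDomains'; e = { $_.TargetedDomainsToProtect -join ', ' } } |
    Format-Table -AutoSize

# 2. Compare the chosen policy against the domains that must be protected.
$policy  = Get-AntiPhishPolicy -Identity $PolicyName
$current = @($policy.TargetedDomainsToProtect)
$missing = @($DomainsToGuard | Where-Object { $current -notcontains $_ })

$needsChange = ($missing.Count -gt 0) -or
               (-not $policy.EnableTargetedDomainsProtection) -or
               ($policy.TargetedDomainProtectionAction -ne $Action)

# 3. Apply only what is missing. Existing protected domains are kept, because
#    -TargetedDomainsToProtect replaces the whole list rather than appending.
if ($needsChange) {
    $merged = @($current + $missing | Sort-Object -Unique)
    Set-AntiPhishPolicy -Identity $PolicyName `
        -EnableTargetedDomainsProtection $true `
        -TargetedDomainsToProtect $merged `
        -TargetedDomainProtectionAction $Action `
        -WhatIf   # remove -WhatIf after reviewing the proposed change
} else {
    Write-Output "Policy '$PolicyName' already protects: $($current -join ', ')"
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it once with -WhatIf in place to review the proposed change, then remove the switch to save the policy, which corresponds to Step 5.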
Extra Tips for Effective Protection
- Check Your Licensing: Some features require Microsoft Defender for Office 365 Plan 1 or Plan 2 (included in E5 subscriptions). Make sure your subscription includes impersonation protection.
- User Training: Teach staff how to spot phishing messages—even with protection in place, human awareness is crucial. For more, read our tips on Cyber Security.
- Review Policies Regularly: As your organization grows or threats evolve, revisit your anti-phishing rules to keep coverage current.
- Consider Backup Solutions: Even the best filters can’t stop every threat. Regular Backup Services (Server & Microsoft 365) ensure your data is safe if malware does slip through.
Partner with Canadian Cybersecurity Experts
Enabling Microsoft 365 impersonation protection is just one part of a full cybersecurity strategy. At System Support, we’ve been helping Canadian businesses for over 15 years to stay secure and productive. Whether you need Managed IT Services, cyber risk assessments, or day-to-day support, our team is here to help.
Ready to bolster your email security and protect your business from evolving threats? Request a quote for tailored cybersecurity services today!