561 votes26 comments · Office 365 Security & Compliance » Spam & Phishing · Flag idea as inappropriate… · Admin →
ATP does not consider mails from other Office 365 tenants, or even mailboxes inside of your tenant, as safe. The best way to put a stop to this is to follow the recommendations in SecureScore for your tenant; and report phishing mails to us promptly. Also, make sure that the sender is not allowed either by the tenant configuration or the user safelist.None commented
Redditor hot-ring suggested using mail flow rules to prevent autoforward emails from being generated. https://i.imgur.com/4ymD08W.png example policy. Overall discussion can be found at https://www.reddit.com/r/sysadmin/comments/8waf8z/office_365_phishing_emails_are_because_of_a/.
Additional suggestions included requiring 2FA, and using 3rd party mail filtering services.