ATP does not consider mails from other Office 365 tenants, or even mailboxes inside of your tenant, as safe. The best way to put a stop to this is to follow the recommendations in SecureScore for your tenant; and report phishing mails to us promptly. Also, make sure that the sender is not allowed either by the tenant configuration or the user safelist.
Azure Active Directory Conditional Access has functionality for “Countries/Regions” – see https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
That said, the most effective protection you can have against password spray attacks is to enable MFA and disable basic authentication. If you cannot do this for your entire organization, then blocking user access to legacy protocols like POP, EWS, IMAP and SMTP is another step you can take. Exchange Online Client Access Rules can help you to further customize (https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules). For additional recommendations, please see Office 365 Secure Score.
That said, please know that we are listening to feedback and working on solutions to help make Office 365 users more secure. Thank you for the feedback.
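The steps named in the response above (disable basic authentication, block legacy protocols, scope access with Client Access Rules), sketched as an added example that is not part of the original response or Microsoft's own code. It assumes an already connected Exchange Online PowerShell session; the mailbox, policy name, rule names and IP ranges are constructed placeholders.

```powershell
# Added example. Assumes an Exchange Online PowerShell session is already connected.
# Constructed placeholders: mailbox, policy name, rule names, documentation IP ranges.
$Mailbox    = 'user@contoso.com'
$PolicyName = 'Block Basic Auth'
$TrustedNet = '203.0.113.0/24'

# 1. Authentication policy. A newly created policy has every AllowBasicAuth*
#    switch turned off, so assigning it blocks basic authentication for all protocols.
New-AuthenticationPolicy -Name $PolicyName
Set-User -Identity $Mailbox -AuthenticationPolicy $PolicyName

# 2. Where basic authentication cannot be disabled everywhere, turn the legacy
#    protocols off on the mailbox itself.
Set-CASMailbox -Identity $Mailbox `
    -PopEnabled $false `
    -ImapEnabled $false `
    -SmtpClientAuthenticationDisabled $true

# 3. Client Access Rules. Create the highest-priority rule that preserves
#    administrative PowerShell access first, so a later deny rule cannot lock you out.
New-ClientAccessRule -Name 'Always Allow Remote PowerShell' `
    -Action AllowAccess `
    -AnyOfProtocols RemotePowerShell `
    -Priority 1

# Deny POP3 and IMAP4 from everywhere except the trusted range.
New-ClientAccessRule -Name 'Block POP3 and IMAP4 outside trusted range' `
    -Action DenyAccess `
    -AnyOfProtocols POP3,IMAP4 `
    -ExceptAnyOfClientIPAddressesOrRanges $TrustedNet `
    -Priority 2

# 4. Verify the resulting state.
Get-CASMailbox -Identity $Mailbox |
    Format-List PopEnabled,ImapEnabled,SmtpClientAuthenticationDisabled
Get-User -Identity $Mailbox | Format-List AuthenticationPolicy

# Simulate a basic-auth IMAP4 connection from an untrusted address and show
# which rule would apply to it.
Test-ClientAccessRule -User $Mailbox `
    -Protocol IMAP4 `
    -RemoteIPAddress 198.51.100.10 `
    -RemotePort 993 `
    -AuthenticationType BasicAuthentication
```

Authentication policy assignments and new Client Access Rules can take time to apply, so re-run the verification step before relying on the result.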
We are working on adding this to the Partner Portal. In the meantime, the partner can access it by appending the customer’s domain to the URL, e.g., https://protection.office.com/contoso.com.
Phil Hopkins commented
Come on! What a pain ********** it was today when a phishing attack got spread by 365 to 7000 contacts! The outbound spam protection did not work even after having to create an admin account to access the dashboard. I am so annoyed this is my first post!