Check Point Email Security | Blog

How to Create a Policy to Quarantine Phishing and Malware Emails in Office 365

Written by Reece Guida | October 26, 2018

Learn how to create a policy that quarantines phishing and malware emails before they hit your users' Office 365 inboxes. This goes beyond just the emails that Microsoft identifies as malicious, and will catch even the most advanced email attacks that bypass their security.

 

 

Walkthrough

1. Click "POLICY" from the menu on the left side of the platform's home page. 


2. Click "Add a New Policy Rule" at the top right of the screen. 



3. On the new page, choose "Office 365" as the SaaS and "Threat Detection" for security. Click the blue "Next" button at the bottom right of the screen.



4. Name the Rule (Policy) and select "Protect (inline)" as the mode this policy will run in. Then, click "Advanced."

 

5. Click the dropdown arrow for "Malicious attachment workflow" (malware) and "Phishing workflow." For both, select "Quarantine. User is alerted and allowed to request a restore (admin must approve)." Do not change the other options listed below. 



6. Under "Alerts," check the box that reads "Send email alert to admin(s) about phishing." Then, click "Save and Apply" on the bottom right of the screen.



7. You will be redirected to the Policy Rules page, where you can confirm that the "Office 365 Emails Threat Detection" policy to quarantine phishing and malware is running.