Today I was working with a client to change settings on various policies to make sure that we had all of the Safety Tips enabled in their Exchange Online environment. The exercise wasn’t too bad, but there is some strange crossover confusion between Exchange Online and the Security and Compliance Center, as well as in just configuring the settings (which are ‘hidden’). This article is more for education as well as suggesting a fix for Microsoft to consider (there will be a poll at the bottom if you want to express your opinion).
** Remember that these settings require that you have E5 licensing as they light up the Anti-Phishing policies **
Configuring Safety Tips in Anti-Phishing Policies
By default these safety tips are off in the default policy (which we cannot touch until we have a custom policy configured). We can see the settings in the Security and Compliance Center by navigating to Threat Management –> Policy –> Anti-phishing. When we open the default policy, we see the following:
Notice the red block highlights the default settings for tips. We can configure the tips by clicking Edit (or at least it appears we can):
This brings up the settings for Impersonation. Let’s look at the Action Tab as that seems closest to the settings we need:
Yet, the settings are not here … unless we click on the link that is outlined in red above. If we click on that we see the Safety Tips:
We can toggle all three of these to get all Safety Tips enabled:
The Visual Problem
While that was easy enough to find with guidance, that link does not scream Safety Tips! See how the tabs for an Anti-Phishing Policy line up with the policy:
As we can see there is no direct correlation for Safety Tips. What I am proposing is that we get rid of that silly link and put in a proper tab for Safety Tips like this:
If you like or hate this idea, please fill out the poll at the end of the article.
PowerShell
PowerShell also reveals some more inconsistencies, as well as other settings that are available for Anti-Phish policies. To further complicate things, keep in mind that while these policies are configurable in the Security and Compliance Center GUI, from PowerShell they can only be configured in Exchange Online PowerShell. Why is this? There are no Phishing PowerShell cmdlets in the SCC PowerShell Module, whereas Exchange Online has a bunch:
Disable-AntiPhishRule
Enable-AntiPhishRule
Get-AntiPhishPolicy
Get-AntiPhishRule
Get-PhishFilterPolicy
New-AntiPhishPolicy
New-AntiPhishRule
Remove-AntiPhishPolicy
Remove-AntiPhishRule
Set-AntiPhishPolicy
Set-AntiPhishRule
Set-PhishFilterPolicy
If we review the tips with PowerShell, we find that there are four and not three tips to configure:
Get-AntiPhishPolicy |ft name,*tip*
Here are the four Safety Tips:
EnableSimilarUsersSafetyTips
EnableSimilarDomainsSafetyTips
EnableUnusualCharactersSafetyTips
EnableSuspiciousSafetyTip
Which is one more than the GUI. We can only configure three of the four, as the fourth has no available parameter for it:
Set-AntiPhishPolicy Default -EnableSimilarUsersSafetyTips $True -EnableSimilarDomainsSafetyTips $True -EnableUnusualCharactersSafetyTips $True
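Once custom policies exist alongside the default, the same check is worth running across all of them rather than one policy at a time. The following is an added example, not part of the original article: Get-SafetyTipGap and Enable-SafetyTipGap are hypothetical helper names, the sample policy objects are constructed, and the commented live pipeline assumes an already connected Exchange Online PowerShell session.

```powershell
# The three tips that Set-AntiPhishPolicy can configure, as named in the article.
# EnableSuspiciousSafetyTip is left out because it has no parameter to set it.
$ConfigurableTips = 'EnableSimilarUsersSafetyTips',
                    'EnableSimilarDomainsSafetyTips',
                    'EnableUnusualCharactersSafetyTips'

function Get-SafetyTipGap {
    # Hypothetical helper: emits one row per policy that has a tip turned off.
    param([Parameter(Mandatory, ValueFromPipeline)][psobject]$Policy)
    process {
        # A missing or $null property is treated as disabled.
        $off = @($ConfigurableTips | Where-Object { $Policy.$_ -ne $true })
        if ($off.Count -gt 0) {
            [pscustomobject]@{ Name = $Policy.Name; DisabledTips = $off }
        }
    }
}

function Enable-SafetyTipGap {
    # Hypothetical helper: builds one Set-AntiPhishPolicy call per gap row.
    # WhatIf is on so nothing changes until the preview has been reviewed.
    param([Parameter(Mandatory, ValueFromPipeline)][psobject]$Gap)
    process {
        $params = @{ Identity = $Gap.Name; WhatIf = $true }
        foreach ($tip in $Gap.DisabledTips) { $params[$tip] = $true }
        Set-AntiPhishPolicy @params
    }
}

# Constructed sample input standing in for Get-AntiPhishPolicy output.
$sample = @(
    [pscustomobject]@{ Name = 'Default'
        EnableSimilarUsersSafetyTips      = $false
        EnableSimilarDomainsSafetyTips    = $false
        EnableUnusualCharactersSafetyTips = $false }
    [pscustomobject]@{ Name = 'Executives (constructed)'
        EnableSimilarUsersSafetyTips      = $true
        EnableSimilarDomainsSafetyTips    = $true
        EnableUnusualCharactersSafetyTips = $false }
)

# Offline: list the gaps in the sample objects.
$sample | Get-SafetyTipGap | Format-Table Name, DisabledTips

# Live tenant: preview the changes, then set WhatIf to $false to apply them.
# Get-AntiPhishPolicy | Get-SafetyTipGap | Enable-SafetyTipGap
```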
Poll
This is a quick one. Do you think there should be a tab for Safety Tips to make it more obvious?