Hi all, 

We are looking at ways to handle emails that could potentially be impersonation emails. The filtering we have at the moment doesn’t have any kind of handing of that, apart from an email letting them know it could be.

Is it possible for Defender to review an email for similar criteria (sender and recipient), flag it as an impersonation, block it and then tell the administrator or the end user, for them to release?

We have defender for email protection but do not really use it – which I want to change.

Any guidance or suggestions for a better handing would be very appreciated.

Kind regards

Tom

​Hi all,  We are looking at ways to handle emails that could potentially be impersonation emails. The filtering we have at the moment doesn’t have any kind of handing of that, apart from an email letting them know it could be. Is it possible for Defender to review an email for similar criteria (sender and recipient), flag it as an impersonation, block it and then tell the administrator or the end user, for them to release? We have defender for email protection but do not really use it – which I want to change. Any guidance or suggestions for a better handing would be very appreciated. Kind regardsTom  Read More

​