Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
In addition to the protections offered by Microsoft 365 for business, there are other steps all users can take you help protect the organization. Make sure everyone understands the following concepts:
- Spam or junk mail: There are many reasons you might receive junk email and not all junk mail is harmful. However, you can reduce the risks of attacks by taking steps to reduce the amount of junk mail you receive.
- Phishing: Phishing is an email that seems legitimate but is an attempt to get your personal information, credentials, or money.
- Spoofing: Spoofed messages appear to come from someone other than the actual sender. For example, you have you ever received an email that appears to come from you?
- Malware: Malicious software that can be installed on your computer after you select a link or open an attached file in an email message. There are various types of malware (for example, ransomware, when your computer is taken over), but you don't want any of them.
Use the following best practices to help users fend off attacks through email.
Reduce spam: Use the following best practices to help reduce the amount of unwanted mail you receive: 10 tips on how to help reduce spam.
Report suspicious messages: Use the built-in Report button in Outlook on all platforms or Outlook on the web (formerly known as Outlook Web App or OWA).
Admins configure whether the messages are sent to Microsoft for analysis, to a designated reporting mailbox, or both as described in User reported settings.
Admins can also see user reported messages on the User reported tab of the Submissions page in the Microsoft Defender portal as described in Admin options for user reported messages.
Avoid phishing: Read about five common types of scams in Phishing and suspicious behavior in Outlook. And use the following best practices:
- Never reply to email asking for personal or account information.
- Never select links in suspicious messages.
- Never open file attachments in suspicious messages.
- If an email appears to come from a company, verify the message by using other resources to find and contact the company (don't use links or contact information in the email).
- Search the web for the email subject line to see if anyone else reported the message as a scam.
Download this infographic: The infographic contains tips for admins and users:
