M365 EOP-AP-E3 Mappings

Mappings

Capability ID Capability Description Category Value ATT&CK ID ATT&CK Name Notes
EOP-AP-E3 Anti-Phishing protect significant T1656 Impersonation
Comments
Policies to configure anti-phishing protection settings are available in Microsoft 365 organizations with Exchange Online mailboxes, standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, and Microsoft Defender for Office 365 organizations. The features provided with Anti-phishing policies in Defender for Office 365 are: Automatically creating default policies, creating custom policies, common policy settings, spoof settings, first contact safety tips, impersonation settings, and advanced phishing thresholds. Microsoft 365's Anti-Phishing protection protects from Phishing attacks due to it's custom policy feature where users can create policies to determine if certain websites used for phishing are necessary for business operations and can block access if activity cannot be monitored well or if it poses a significant risk. License Requirements: Microsoft Exchange Online Protection, Defender for Office 365 plan 1 and plan 2, Microsoft XDR
References
    EOP-AP-E3 Anti-Phishing protect significant T1566.001 Spearphishing Attachment
    Comments
    Policies to configure anti-phishing protection settings are available in Microsoft 365 organizations with Exchange Online mailboxes, standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, and Microsoft Defender for Office 365 organizations. The features provided with Anti-phishing policies in Defender for Office 365 are: Automatically creating default policies, creating custom policies, common policy settings, spoof settings, first contact safety tips, impersonation settings, and advanced phishing thresholds. Microsoft 365's Anti-Phishing protection protects from Phishing attacks due to it's custom policy feature where users can create policies to determine if certain websites used for phishing are necessary for business operations and can block access if activity cannot be monitored well or if it poses a significant risk. License Requirements: Microsoft Exchange Online Protection, Defender for Office 365 plan 1 and plan 2, Microsoft XDR
    References
      EOP-AP-E3 Anti-Phishing protect significant T1566.002 Spearphishing Link
      Comments
      Policies to configure anti-phishing protection settings are available in Microsoft 365 organizations with Exchange Online mailboxes, standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, and Microsoft Defender for Office 365 organizations. The features provided with Anti-phishing policies in Defender for Office 365 are: Automatically creating default policies, creating custom policies, common policy settings, spoof settings, first contact safety tips, impersonation settings, and advanced phishing thresholds. Microsoft 365's Anti-Phishing protection protects from Phishing attacks due to it's custom policy feature where users can create policies to determine if certain websites used for phishing are necessary for business operations and can block access if activity cannot be monitored well or if it poses a significant risk. License Requirements: Microsoft Exchange Online Protection, Defender for Office 365 plan 1 and plan 2, Microsoft XDR
      References
        EOP-AP-E3 Anti-Phishing protect significant T1566 Phishing
        Comments
        Policies to configure anti-phishing protection settings are available in Microsoft 365 organizations with Exchange Online mailboxes, standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, and Microsoft Defender for Office 365 organizations. The features provided with Anti-phishing policies in Defender for Office 365 are: Automatically creating default policies, creating custom policies, common policy settings, spoof settings, first contact safety tips, impersonation settings, and advanced phishing thresholds. Microsoft 365's Anti-Phishing protection protects from Phishing attacks due to it's custom policy feature where users can create policies to determine if certain websites used for phishing are necessary for business operations and can block access if activity cannot be monitored well or if it poses a significant risk. License Requirements: Microsoft Exchange Online Protection, Defender for Office 365 plan 1 and plan 2, Microsoft XDR
        References