Microsoft are extending enhanced anti-spoofing capabilities to all Exchange Online Protection (EOP) organizations. Previously, this feature was only available to E5 and Advanced Threat Protection (ATP) add-on organizations.
If you are an existing E5/ATP customer, then this feature is already available to you and your current protection will not be impacted by this change. If you have previously disabled enhanced anti-spoofing in your anti-phishing policy or via customer support, you will not be impacted.
How does this affect you?
After this change takes place, your organization will have access to enhanced anti-spoofing functionality that utilizes cloud intelligence, sender reputation and patterns to identify potentially malicious domain spoofing attempts.
The new functionality works in conjunction with existing standards-based email authentication checks (DMARC/DKIM/SPF). Once this feature is enabled, messages that fail the extended implicit authentication checks will be automatically sent to the junk mail folder. You can use policies to customize these actions and turn this functionality on and off.
Microsoft are also updating the Get/Set-PhishFilterPolicy cmdlet to allow you to block/allow domains that are allowed to send spoofed mails, as well as the Get/Set-AntiphishPolicy cmdlet to let you modify the policies applied to spoofed messages. After the cmdlet changes, they will also roll out policy options in your Security and Compliance center.
If you have domain ‘allow’ or ‘safe’ sender policies or transport rules in place, they will not be impacted.
Policy options for these changes are now available via the Get/Set-AntiPhishPolicy cmdlet mentioned above, and will be available in your Security and Compliance center under threat management -> policy page -> anti-phishing, starting October 8, 2018. Microsoft will begin rolling this protection out and will be enforcing changes after October 15, 2018.
If you wish to receive protection from the enhanced anti-spoofing capabilities there is no need to take action, you will receive it by default.