MicrosoftDocs
diff --git a/‎defender-office-365/anti-phishing-policies-about.md‎
Lines changed: 11 additions & 3 deletions b/‎defender-office-365/anti-phishing-policies-about.md‎
Lines changed: 11 additions & 3 deletions
diff --git a/‎defender-office-365/anti-phishing-policies-eop-configure.md‎
Lines changed: 3 additions & 1 deletion b/‎defender-office-365/anti-phishing-policies-eop-configure.md‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎defender-office-365/anti-phishing-policies-mdo-configure.md‎
Lines changed: 4 additions & 2 deletions b/‎defender-office-365/anti-phishing-policies-mdo-configure.md‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎defender-office-365/media/anti-phishing-policies-safety-tip-domain-impersonation.png‎
101 KB b/‎defender-office-365/media/anti-phishing-policies-safety-tip-domain-impersonation.png‎
101 KB
diff --git a/‎defender-office-365/media/anti-phishing-policies-safety-tip-unauthenticated-senders.png‎
23.8 KB b/‎defender-office-365/media/anti-phishing-policies-safety-tip-unauthenticated-senders.png‎
23.8 KB
diff --git a/‎defender-office-365/media/anti-phishing-policies-safety-tip-user-impersonation.png‎
88.6 KB b/‎defender-office-365/media/anti-phishing-policies-safety-tip-user-impersonation.png‎
88.6 KB
diff --git a/‎defender-office-365/media/anti-phishing-policies-safety-tip-via-tag.png‎
17.1 KB b/‎defender-office-365/media/anti-phishing-policies-safety-tip-via-tag.png‎
17.1 KB
@@ -17,7 +17,7 @@ ms.custom:
 description: Admins can learn about the anti-phishing policies that are available in Exchange Online Protection (EOP) and Microsoft Defender for Office 365.
 ms.service: defender-office-365
 search.appverid: met150
-ms.date: 03/26/2025
+ms.date: 04/08/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
@@ -179,7 +179,11 @@ Unauthenticated sender indicators are part of the [Spoof settings](#spoof-settin
 
 - **Show (?) for unauthenticated senders for spoof**: Adds a question mark to the sender's photo in the From box if the message doesn't pass SPF or DKIM checks **and** the message doesn't pass DMARC or [composite authentication](email-authentication-about.md#composite-authentication). When this setting is turned off, the question mark isn't added to the sender's photo.
 
-- **Show "via" tag**: Adds the "via" tag ([email protected] <u>via</u> fabrikam.com) in the From box if the domain in the From address (the message sender that's displayed in email clients) is different from the domain in the DKIM signature or the **MAIL FROM** address. For more information about these addresses, see [An overview of email message standards](anti-phishing-from-email-address-validation.md#an-overview-of-email-message-standards).
+  :::image type="content" source="media/anti-phishing-policies-safety-tip-unauthenticated-senders.png" alt-text="Screenshot of an unauthenticated sender in an email message." lightbox="media/anti-phishing-policies-safety-tip-unauthenticated-senders.png":::
+
+- **Show "via" tag**: Adds the "via" tag (`[email protected] <u>via</u> fabrikam.com`) in the From box if the domain in the From address (the message sender that's displayed in email clients) is different from the domain in the DKIM signature or the **MAIL FROM** address. For more information about these addresses, see [An overview of email message standards](anti-phishing-from-email-address-validation.md#an-overview-of-email-message-standards).
+
+  :::image type="content" source="media/anti-phishing-policies-safety-tip-via-tag.png" alt-text="Screenshot of the "via" tag in an email message." lightbox="media/anti-phishing-policies-safety-tip-via-tag.png":::
 
 To prevent the question mark or "via" tag from being added to messages from specific senders, you have the following options:
 
@@ -338,14 +342,18 @@ Impersonation safety tips appear to users when messages are identified as impers
 
   This safety tip is controlled by the value 9.20 of the `SFTY` field in the **X-Forefront-Antispam-Report** header of the message. The text says:
 
-  > This sender appears similar to someone who previously sent you email, but may not be that person.
+  > \<Sender\> appears similar to someone who previously sent you email, but may not be that person.
+
+  :::image type="content" source="media/anti-phishing-policies-safety-tip-user-impersonation.png" alt-text="Screenshot of an email message with a user impersonation safety tip." lightbox="media/anti-phishing-policies-safety-tip-user-impersonation.png":::
 
 - **Show domain impersonation safety tip**: The From address contains a domain specified in [domain impersonation protection](#domain-impersonation-protection). Available only if **Enable domains to protect** is turned on and configured.
 
   This safety tip is controlled by the value 9.19 of the `SFTY` field in the **X-Forefront-Antispam-Report** header of the message. The text says:
 
   > This sender might be impersonating a domain that's associated with your organization.
 
+  :::image type="content" source="media/anti-phishing-policies-safety-tip-domain-impersonation.png" alt-text="Screenshot of an email message with a domain impersonation safety tip." lightbox="media/anti-phishing-policies-safety-tip-domain-impersonation.png":::
+
 - **Show user impersonation unusual characters safety tip**: The From address contains unusual character sets (for example, mathematical symbols and text or a mix of uppercase and lowercase letters) in a sender specified in [user impersonation protection](#user-impersonation-protection). Available only if **Enable users to protect** is turned on and configured. The text says:
 
   > The email address `<email address>` includes unexpected letters or numbers. We recommend you don't interact with this message.
 
@@ -16,7 +16,7 @@ ms.custom:
 description: Admins can learn how to create, modify, and delete the anti-phishing policies that are available in Exchange Online Protection (EOP) organizations with or without Exchange Online mailboxes.
 ms.service: defender-office-365
 search.appverid: met150
-ms.date: 01/29/2025
+ms.date: 04/08/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
 ---
@@ -138,6 +138,8 @@ For anti-phishing policy procedures in organizations with Microsoft Defender for
 
      To turn on a setting, select the check box. To turn it off, clear the check box.
 
+     For examples of what these indicators look like, see [Unauthenticated sender indicators](anti-phishing-policies-about.md#unauthenticated-sender-indicators).
+
    When you're finished on the **Actions** page, select **Next**.
 
 7. On the **Review** page, review your settings. You can select **Edit** in each section to modify the settings within the section. Or you can select **Back** or the specific page in the wizard.
 
@@ -16,7 +16,7 @@ ms.custom:
 description: Admins can learn how to create, modify, and delete the advanced anti-phishing policies that are available in organizations with Microsoft Defender for Office 365.
 ms.service: defender-office-365
 search.appverid: met150
-ms.date: 01/29/2025
+ms.date: 04/08/2025
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
   - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
@@ -322,10 +322,12 @@ For anti-phishing policy procedures in organizations without Defender for Office
      - **Show domain impersonation safety tip**: This setting is available only if you selected **Enable domains to protect** on the previous page.
      - **Show user impersonation unusual characters safety tip** This setting is available only if you selected **Enable users to protect** or **Enable domains to protect** on the previous page.
      - **Show (?) for unauthenticated senders for spoof**: This setting is available only if you selected **Enable spoof intelligence** on the previous page. Adds a question mark (?) to the sender's photo in the From box in Outlook if the message doesn't pass SPF or DKIM checks **and** the message doesn't pass DMARC or [composite authentication](email-authentication-about.md#composite-authentication). This setting is selected by default.
-     - **Show "via" tag**: This setting is available only if you selected **Enable spoof intelligence** on the previous page. Adds tag named via ([email protected] via fabrikam.com) to the From address if it's different from the domain in the DKIM signature or the **MAIL FROM** address. This setting is selected by default.
+     - **Show "via" tag**: This setting is available only if you selected **Enable spoof intelligence** on the previous page. Adds tag named via (`[email protected] via fabrikam.com`) to the From address if it's different from the domain in the DKIM signature or the **MAIL FROM** address. This setting is selected by default.
 
      To turn on a setting, select the check box. To turn it off, clear the check box.
 
+     For examples of what these indicators look like, see [Impersonation safety tips](anti-phishing-policies-about.md#impersonation-safety-tips) and [Unauthenticated sender indicators](anti-phishing-policies-about.md#unauthenticated-sender-indicators).
+
    When you're finished on the **Actions** page, select **Next**.
 
 7. On the **Review** page, review your settings. You can select **Edit** in each section to modify the settings within the section. Or you can select **Back** or the specific page in the wizard.