This feature uses machine learning models to detect phishing messages.
Spoof intelligence detects when a sender appears to be sending mail on behalf of one or more user accounts within one of your organization’s domains. It enables you to review all senders who are spoofing your domain, and then choose to allow the sender to continue or block the sender. Spoof intelligence is available in the Security & Compliance Centre on the Anti-spam settings page.
Messages identified by the Office 365 service as spam, bulk mail, phishing mail, containing malware, or because they matched a mail flow rule can be sent to quarantine. By default, Office 365 sends phishing messages and messages containing malware directly to quarantine. Authorized users can review, delete, or manage email messages sent to quarantine.