Phish Focus: Settings

Phish Focus - Settings allows Phriendly Phishing Admins to manage Microsoft 365 connectivity, configure Admin credentials for Automation Rules, and enable or disable manual Phish Clear and Block List actions on reported emails.


Microsoft 365 Tenant Connection

 A Microsoft 365 tenant connection refers to linking your zone or feature within your System to a particular Microsoft 365 tenant.
  1. If you have not logged in yet, you will see the image below. You can log in via Admin Credentials for Automation Rules or Manual Actions.
  2. Microsoft 365 tenant: If you have logged in, you will see the image below. This section shows the current Microsoft 365 tenant connected to Phish Focus and the features connected to the MS 365 tenant.

     Note: Disconnecting the tenant will disable all Microsoft 365 dependent features, including automation and manual actions.

     

    Settings2.png

  3. Features connected to MS 365 tenant: This panel shows whether individual Phish Focus features are Connected / Not Connected to the Microsoft 365 tenant.

     Note: Each feature requires valid Microsoft 365 permissions to function.

     

    Settings3.png 

Admin Credentials for Automation Rules

Automation Rules that perform actions in Microsoft 365 require admin authentication. This section manages those credentials. 

  1. Phish Clear Automation
    1. Shows the number of Active Automation Rules that have Phish Clear enabled.
    2. Displays the Admin Credential Status.
      • ✅ Connected to MS 365 tenant
      • ❌ Not connected to MS 365 tenant
    3. Admins can click Login to sign in to Microsoft 365 using a Microsoft Purview / eDiscovery Administrator account. Once authenticated, Phish Focus can run Phish Clear actions automatically without requiring further logins.
  2. Block List Automation
    1. Shows the number of Active Automation Rules that have Block List enabled.
    2. Displays the Admin Credential Status.
      1. ✅ Connected to MS 365 tenant
      2. ❌ Not connected to MS 365 tenant
    3. Admins can log in with a Microsoft Purview Administrator account once. This lets you quickly enable Block List for Automation Rules without needing to log in again.

  • Block List Automation

    • Shows the number of active Automation Rules that have Block List enabled.
    • Displays the admin credential connection status for Block List actions.

    Admins can click Login to authenticate using a Microsoft 365 admin account. This enables automatic blocking of senders or domains via automation rules.
     

Things to Note
Admin credentials are stored securely and are required for automation actions to execute successfully.

 

Manual Actions for Each Reported Email

Admins can manually perform actions on individual reports using this section.

Phish Clear

  • Enable Phish Clear toggle:
    • When enabled, admins can manually perform Phish Clear actions from a report.
    • Requires an active Microsoft 365 tenant connection.

Block List

  • Enable Block List toggle:
    • Allows admins to manually block senders or domains from reported emails.
    • Also requires a valid Microsoft 365 connection.

 Note: Manual actions provide flexibility for analysts when automation rules are not triggered.

 

Email Templates

The Email Templates page allows admins to manage standard email responses used throughout Phish Focus. These templates are commonly used when responding to reported emails and notifying users of investigation outcomes.

Email templates can be used manually by admins or automatically via Automation Rules and Send Email actions.

There are 2 default email templates provided.

  • Malicious – Response to reporter
    Used when a reported email is confirmed malicious or suspicious.
  • No Threat Detected – Response to reporter
    Used to reassure users when a reported email is clean.

These templates can be edited or duplicated to suit your organisation’s messaging standards.
Only Active templates are available for use. Inactive templates will not appear in Send Email actions or automation rules. 

Admins can also create their own customised email templates:

  1. Click + New Template in the top‑right corner.
  2. Define:
    • Template name (Mandatory)
    • Description (Mandatory)
    • Subject
    • Email content (Mandatory)
  3. Use supported tokens to dynamically populate email details (for example, sender, report status, or reported email information).
  4. Save the template to make it available for use.

    You will then be able to see the new custom template created.