Your organization uses Microsoft Defender for Office 365. Users report that some phishing emails are still reaching inboxes despite the anti-phish policy being enabled. You need to reduce the number of phishing emails that bypass the filter. What should you configure?
Spoof intelligence analyzes sender reputation and blocks spoofed senders, reducing phishing.
Why this answer
Option B is correct because spoof intelligence allows you to analyze and block spoofed senders. Option A is wrong because Safe Attachments scans attachments, not the email body. Option C is wrong because Tenant Allow/Block List is for manual overrides.
Option D is wrong because DKIM is an authentication method, not a filtering setting.