How to configure your organisation to support a positive phishing campaign
Positive phishing is about more than just sending out simulated phishing emails; it's about creating a culture of security awareness and collaboration in schools. When staff feel supported and educated rather than penalised, they are more likely to engage actively in cybersecurity efforts, making the school safer.
Before you start, you'll need to configure your Microsoft Defender implementation to support reporting potential phishing emails as part of your Secure Schools phishing simulation campaign. If you're unsure how to do this, this article at Microsoft provides a good starting point.
To incorporate Secure Schools' Phishing simulations into your campaign:
- Create a contact for the following email address eu-west@reports.secureschools.com
- Create a distribution list for your users to send our phishing emails to, we recommend something like "phishing@schoolname.com" ensure you also enable the following setting
- Add eu-west@reports.secureschools.com to the new phishing distribution list.
- In Microsoft Defender, open System, select Settings, and click on Email & collaboration
- In the menu that opens, select User reported settings, then scroll down to Reported message destinations and update the two fields to ensure Send reported messages to is set to My reporting mailbox only and that the phishing email address you created above is added to the second field.
- Click Save
Note that these changes may take time to propagate. In most circumstances, this is under an hour, but it may take longer.
You can review the submissions your users have made at security.microsoft.com/reportsubmission