User Coverage for Microsoft Anti-Phish Policy
We use custom threat policies for anti-phish and anti-spam in Microsoft Defender, and Security Center's remediation list is showing us that 56% of users are covered by the custom policy, and 44% are covered by the default policy which is less secure than the recommendations. Since we're not specifying individual user accounts, but our recipient domains for coverage, all users should be covered by the custom policy, but evidently not. Are they guest users? We have more guest users than the quantity reported to make up the 44%.Perhaps it's a licensing coverage issue, but I don't see the numbers line up in my comparison so far.
The easy way to address this would be for Security Center to give me a list of the users it's referring to. I've looked in Security Center reports and Powershell and can't figure out how to determine which users are covered by which threat policies.
Does anyone know of a way to get a list of users and the anti-phish policy that is assigned to them?
