ms365 profile bec
Use this command to configure business email compromise (BEC) profile rules for the administrator account of the Microsoft 365 domain. To avoid false positives and false negatives, assign scores to adjust the weight allocated to each of the most common BEC attack types, such as cousin domains, suspicious characters, sender alignment, action keywords, and URL categories.
Once configured, BEC profiles are then used in antispam profiles.
Syntax
config profile bec
edit <name>
config rule
set comment <string>
edit <order-integer>
set action-keyword-score <float>
set cousin-domain-score <float>
set malformed-email-score <float>
set name <string>
set sender-alignment-score <float>
set suspicious-character-score <float>
next
end
end
Syntax
Variable |
Description |
Default |
action <datasource> | Enter an antispam action profile name for the rule. |
|
action-keyword-score <float> | Enter a weight-adjusted score for actions keywords. |
10.000000 |
cousin-domain-score <float> | Enter a weight-adjusted score for cousin domains. |
10.000000 |
malformed-email-score <float> |
Enter a weight-adjusted score for malformed emails. Malformed emails are those emails that contain malformed data in the email structure, header, or body. For more information, see RFC 7103. |
10.000000 |
name <string> | Enter a name for the rule. |
|
Enter a weight-adjusted score for sender alignment. Sender alignment checks for a Header From and Envelope From domain mismatch. |
10.000000 |
|
Enable or disable the profile rule. |
enable |
|
Enter a weight-adjusted score for suspicious characters. |
10.000000 |
|
Define the threshold at which point actions are taken. This score is allocated to the other categories. |
50.000000 |
|
Enter a URL profile to assign to the URL category ( |
unrated |
|
url-profile-score <float> | Enter a weight-adjusted score for URL profiles that analyze any phishing URLs contained within emails. |
10.000000 |