Beginning Monday, December 15, 2025, Cornell will enable more aggressive anti-phishing protections that come with our investment in Microsoft A5 Defender. 

These settings have previously been piloted by CIT and other IT staff and did not result in any major issues. 

What to expect

The new anti-phishing settings should reduce the number of phishing email messages received by Cornell accounts. 

While a significant number of false positives are not anticipated, customers are advised periodically to review their Outlook Junk folders to be sure. The pilot phase of the new anti-phishing policy did not result in false positive issues.

If any safe content does inadvertently end up in the Junk folder, be sure to right-click on the message and select Report, then Not Junk.

Why are we making this change?

As you may be aware, online criminals have been aggressively targeting higher education institutions, resulting in major breaches, with Princeton, Harvard, Columbia, NYU as recent examples. In nearly all instances, the breach began with an unsophisticated phishing attack. Cornell has seen a surge of successful phishing attacks in recent months requiring us to make this urgent change amongst others, such as changes to Duo, enabling DMARC, requiring Secure Connect, etc.

Questions or concerns

Please contact Pete Bosanko (pb10@cornell.edu) with questions and concerns.