Since BEC scams target high profile users such as company executives, Cloud App Security allows you to add high profile users who are likely to be impersonated for detection and classification.
Specify the email display names and optionally email addresses of the high profile users who might be frequently impersonated. Cloud App Security will check incoming email messages claimed to be sent from those users, apply fraud checking criteria to identify forged messages, and enable you to take actions on the BEC attacks.
High Profile Users apply to all BEC detection technologies used by Cloud App Security. However, if you want to use writing style analysis to spot probable BEC attacks, you must specify the email address of a high profile user.
As a global setting, the specified high profile users are applicable to all Advanced Spam Protection enabled policies for Exchange Online for BEC detection. For details, see Configuring Advanced Spam Protection.
Specify individual users or select users from groups as high profile users.
A maximum of 500 users can be added.
Click Add > User, specify the first name, middle name (optional), last name, and email address (optional) of the user on the Add High Profile User screen that appears, and click Save.
To apply writing style analysis to a high profile user, make sure to enter the user's valid company email address.
Click Add > From Groups, select users from one or multiple groups on the Add High Profile Users from Groups screen that appears, and click Save.
Remove one or multiple users from the high profile user list.
Select one or multiple users and click Delete.
If writing style analysis is not enabled in any of the Advanced Threat Protection policies for Exchange Online, Writing style analysis not enabled displays.