# MAAD-AF Disabling Anti-phishing

This module enables an attacker to disable anti-phishing policies configured
within an Exchange Online environment.  This allows an attacker the ability to
potentially further a spearphishing campaign without these controls getting in
the way of email delivery.

## Module Overview - DRAFT

**NOTE FOR ENABLEMENT TEAM:** Need to understand how we generate anti-phishing
policies for lab-users and update the below verbiage to suit.

1. From the main Attack Arsenal menu, enter `5` for `Disable Phishing
   Monitoring`.  Read through the MITRE information, and press `<Enter>`
   to continue.

2. When prompted to initiate recon for available policies, enter `Yes`.

   ![MAAD Anti-Phish Recon](images/maad_anti_phish_recon.png)

3. Locate the correct anti-phishing policy assigned to you for the lab in the
   displayed list.

4. When prompted for the policy, copy/paste it from the list, or type the full
   name of the policy.

   Once the specified anti-phishing policy has been set to `Disabled`, a
   success message will be shown as seen below:

   ![MAAD Anti-phish success](images/maad_anti_phish_disabled.png)

5. MAAD-AF will prompt the user to undo the actions just created.  Select `No`
   for the purposes of this exercise.

## Validation

Enter the name of the anti-phishing policy which was disabled.