After a recent phishing attack, you decide to investigate whether custom configurations contributed to the breach. One particular concern is that some users clicked on links from emails that bypassed your existing security measures. What should be your first step in investigating whether custom configurations allowed this email to bypass security measures?