How to Set Up Defender for Office 365: A Complete Guide

00:00

now a while ago I created a video called

00:02

configuring Defender for Office 365 plan

00:05

one but Microsoft have got a bit of a

00:08

habit of changing things and adding new

00:11

features so that video is a bit out of

00:14

date so today's video is configuring

00:17

Defender for Office 365 plan 1 2024 but

00:22

before we start just a quick intro my

00:24

name is Jonathan Edwards also known as

00:27

the B 365 guy I have businesses all over

00:31

the world with their Microsoft 365 you

00:34

can get more information at be 365 guy

00:38

Toom now with every mailbox that you buy

00:40

from Microsoft 365 you do get a very

00:43

basic level of protection this is called

00:47

exchange online protection and it

00:49

features things like anti- fishing anti-

00:52

spam and anti- malware however a lot of

00:56

cyber attacks originate from email so if

00:59

there's better protection out there from

01:01

Microsoft you should be getting it and

01:04

Defender for Office 365 is the best

01:07

protection for email that Microsoft

01:09

offer now Defender for Office 365 does

01:12

come in two flavors there's plan one and

01:16

there's plan two most of our customers

01:18

use plan one because plan one comes with

01:22

Microsoft 365 business premium if you

01:25

want you can buy Defender for Office 365

01:28

plan one as a single single product this

01:31

costs

01:32

£164 per mailbox per month but the thing

01:35

is you can't just buy the license and

01:38

Defender for Office 365 just starts

01:41

working no no no no no you've got to

01:44

configure it and you've got to configure

01:46

it the right way for your business now

01:49

there are a couple of ways that you can

01:51

configure it there's an easy way where

01:53

you just basically go through the

01:55

settings and accept Microsoft

01:58

recommendations or if that doesn't suit

02:00

you there's a hard way and lucky for you

02:04

I'm going to show you both in today's

02:06

video let's start with the easy way

02:09

these are called preset security

02:11

policies and we're basically just

02:13

accepting Microsoft's

02:15

recommendations let me show you how to

02:17

do that so I'm logged into the Microsoft

02:20

365 admin Center in my test Tenon what I

02:23

need to do to start with is go to admin

02:25

centers and then click on security now

02:28

once that has launched we can see here

02:30

this is email and collaboration and this

02:32

is where Defender for Office 365 lives

02:35

so I click on that drop drop Arrow there

02:37

and go to policies and rules and go to

02:40

threat

02:41

policies now to begin with we're going

02:43

to look at the Microsoft preset security

02:46

policies so I'll look at that and you

02:48

can see I've got three blocks here I've

02:51

got some built-in protection now this is

02:53

as a name suggest it's built in this is

02:56

a basic level of protection that will

02:59

come switched on with the on Microsoft

03:01

365 tency we've also then got standard

03:04

protection and strict protection now

03:07

these are usually a bit more aggressive

03:09

than the built-in protection so you've

03:11

got more features now you can see that

03:13

both of these are switched off and you

03:16

can also see it's fairly easy to switch

03:18

them on and I'm going to go through

03:20

those settings in a moment but you might

03:22

be wondering what's included in the

03:24

built-in protection what's included in

03:26

the standard protection when you switch

03:28

it on and like requires the strip

03:31

protection so we're going to have a look

03:32

at this web page here and I will link

03:35

this below the video here's all the

03:37

settings that are included in the preset

03:40

policies I can scroll down and the first

03:43

section here is the anti malware and you

03:46

can see we've got all the settings there

03:49

I'm just going to scroll down to the

03:50

anti- spam policy settings again if I

03:53

expand this table you can see along the

03:56

top we've got the default the standard

03:58

and the strict so let's have a look at a

04:00

setting here bulk email threshold okay

04:05

with the default that is set to seven so

04:08

that's going to allow more bulk email

04:11

through with the standard it's set to

04:13

six it's going to allow less bulk email

04:17

through and the strict is set to five so

04:21

a lot more bulk email will get caught in

04:24

the quarantine so that is one setting

04:27

we've looked at but there's an awful lot

04:28

of settings for example if Microsoft

04:32

thinks that an email is fishing with the

04:35

standard or with the default that's

04:37

going to move that email to the junk

04:39

email folder but with the standard and

04:41

the strict it's actually going to

04:43

quarantine that email it's not going to

04:45

put that anywhere near Microsoft Outlook

04:47

so you can have a look at all these

04:49

settings and you can decide which is the

04:52

right level of protection for you and

04:54

again these are just standard policies

04:56

we can't change any of these so if I go

04:59

back to hear it's worth noting you don't

05:03

have to choose one level of protection

05:06

for everyone in your business let me

05:08

explain we might decide that the people

05:12

in the executive team or the managing

05:14

director the chief executive we want to

05:17

enroll them with strip protection and

05:20

everyone else in the business we're okay

05:22

with standard protection we can

05:24

absolutely do that so let's look at the

05:27

standard protection here so click on

05:29

here now the first thing we do is look

05:31

at exchange online protection so

05:33

exchange online protection is anti-spam

05:36

anti-malware and anti- fishing so who do

05:39

we want to apply this to so at the

05:42

moment it says nobody or I can choose

05:45

specific recipients so here I can choose

05:48

individual users I can look at

05:50

individual groups so if I've got a group

05:52

called management or executive I could

05:55

add that group in here or I can choose

05:57

different domains so I might have

05:59

different domains within my tency and I

06:02

can add different levels of protection

06:05

per domain but for the purpose of this

06:07

tutorial let's just go with all

06:10

recipients I'll click on next and then

06:12

it's going to ask us about the defender

06:14

for 365 protection so Defender for

06:17

Office 365 is the advanced stuff things

06:20

like safe attachments and safe links

06:22

you'll see these in more detail later so

06:25

again I can apply this protection to

06:27

previously selected recipent I so if I

06:30

have chosen some groups and some users

06:32

in the last setting it will be quicker

06:35

just to carry those settings over I can

06:37

do specific recipients again different

06:40

recipients or I can choose all

06:42

recipients again click on next and then

06:44

we're going to look at impersonation

06:46

protection so that is when someone

06:48

pretends to be someone in your business

06:51

usually a senior figure so if I'm a

06:53

cyber criminal I might pretend to be

06:55

your CEO I might create a bogus email

06:58

and I might send it to the finance

07:00

department to try and get money out of

07:02

you so who do you want to protect when

07:05

it comes to impersonation now here it's

07:08

best to to manually add all the users in

07:11

your business who you want to protect

07:14

usually it's senior figures so what I

07:16

would do here I would click in this

07:18

email choose the user Mickey Mouse and

07:21

simply click on ADD so Mickey Mouse is

07:24

protected with impersonation click on

07:27

next and then we want to look look at

07:29

the domains as well so we want to add

07:31

all the domains a that we own and also

07:35

our key suppliers and partners so if

07:37

we're dealing with specific customers

07:39

all of the time let's add the domain in

07:42

here but I will just add my car domain

07:45

Okay click on ADD and I'll add that in

07:47

there click on next now on here we've

07:50

got the ability to add trusted email

07:53

addresses and domains so Microsoft do

07:56

not even flag it as

07:57

impersonation okay so you can add them

07:59

in here now a good tip here I've seen it

08:02

before where a CEO of a business used

08:05

his personal email address to email his

08:08

work email address perhaps out of hours

08:10

or something like that and because he

08:12

obviously had the same name Microsoft

08:15

flaged that up as impersonation so he

08:17

got pretty annoyed that every time he

08:20

emailed from his private email address

08:21

into his work email address the email

08:24

was getting caught in quarantine so what

08:26

he could have done here is just add his

08:28

email address in here personal one Okay

08:31

click on next and then we can turn the

08:33

policy on when finished or we can leave

08:36

it turned off click on next and there it

08:39

is so I would click on confirm got a lot

08:42

of green ticks click on done you can see

08:44

that that is switched on so that is as

08:46

easy as that the same basically applies

08:49

to strict protection you can go through

08:52

it's the same settings that you choose

08:54

but you're just getting a different

08:56

level of protection okay so I won't go

08:58

through all of those

09:00

that is basically how to apply the

09:03

preset policies now you can see

09:05

configuring Defender for Office 365

09:08

using Microsoft's recommendations only

09:11

takes a few minutes but what if the

09:13

preset security policies don't suit your

09:16

business or what if you want more

09:19

control over your email security well to

09:22

do that you can't use the preset

09:24

policies you've got to go in and you've

09:26

got to create all your own policies do

09:29

you want me to show you how to do that

09:31

okay let's go okay so we're back in the

09:34

threat policies screen now the first

09:36

thing I like to do before I start

09:38

configuring these five policies here I

09:40

go into the quarantine policies and what

09:43

I do is I create a new quarantine policy

09:46

for the customer that I'm working with

09:48

just before I do that you can click into

09:50

global settings here and there are a few

09:53

things that you can do so you can set a

09:55

display name so these are the the emails

09:58

that people received let them know that

10:00

some emails have been stuck in

10:01

quarantine you can choose a subject you

10:04

can choose the language and you can even

10:06

upload the company logo I think it's

10:08

well worth doing because it just makes

10:10

that email look a little bit more

10:12

personalized what I also do here so send

10:15

and user spam notifications it's set at

10:18

Daily I like to put within 4 hours I

10:20

think it's important people receive them

10:23

quickly I will click on save for that

10:25

okay click on okay just close that out

10:27

there

10:29

okay next up we're going to add a custom

10:32

quarantine policy now just give this

10:34

policy a name might be something like

10:36

that you can call it whatever you want

10:37

but click on

10:38

next and then we've got the recipient

10:41

message access so if I just choose on

10:43

limited access it tells us what that is

10:46

so what access do we want the recipients

10:48

of these quarantine emails to be able to

10:50

do with the quarantine emails so when we

10:53

look at limited access what they can do

10:56

is they can preview the message they can

10:58

request message releases they can delete

11:01

messages and they can allow certain

11:03

senders but with limited access

11:05

recipients can't release messages from

11:09

quarantine so it has to be done at an IT

11:12

level or an admin level okay now if I

11:15

look at the set specific access this is

11:18

Advanced so the release action

11:21

preference allow recipients to request a

11:23

message or allow recipients to release a

11:26

message I prefer this I like to give

11:29

more control to the end user I like to

11:33

educate them on cyber security but then

11:35

fundamentally give them the control you

11:37

might agree with that you might disagree

11:39

with that either is okay and then we can

11:42

select additional access that recipients

11:44

can take so they can delete they can

11:46

preview block senders and allow senders

11:49

that is how I set it up I click on next

11:52

we're going to enable this notification

11:55

okay and this is an option here that we

11:56

can include or don't include quar 20

11:59

messages from block sender so I will

12:01

keep that as don't and click on next

12:04

I've got that summary and I click on

12:05

submit okay I got some nice green ticks

12:08

click on done and you can see that my

12:10

quarantine policy is now there so I can

12:13

head back here now to the threat

12:15

policies and what I've got to do now for

12:17

the rest of this video we're going to

12:19

create these different policies so we'll

12:21

start off with anti- fishing click on

12:23

there okay we've got these default

12:26

policies here that we discussed earlier

12:28

so the default one the built-in is

12:30

always on the standard one which we

12:32

switched on is now switched off so I'm

12:35

going to create my own policy so that

12:37

stands for company anti fishing policy

12:40

again you can call it what you want

12:42

we're going to click on next again we've

12:44

got this screen here who are we applying

12:46

this to okay this time we've not got an

12:49

option to select all users or anything

12:51

like that so what I do here is just list

12:54

all the domains in the tency it depends

12:56

who you're applying it to but if it's

12:58

just one domain in one tency I can apply

13:01

to that domain like that okay but list

13:03

them all in there click on next okay so

13:07

the fishing threshold and protection

13:10

we've got to choose what level of

13:11

protection we want we've got one

13:13

standard we've got two aggressive we've

13:16

got more aggressive and we've got most

13:19

aggressive so with the most aggressive

13:21

it says here messages that are

13:22

identified as fishing with a low medium

13:25

or high degree of confidence so for for

13:28

example Microsoft might say I think this

13:30

email is fishing but it might not be

13:33

I've got low confidence well that will

13:35

be trapped at most aggressive and you

13:37

can come down the ladder here it might

13:39

be helpful to go back to our our page

13:42

here so this was the the fishing

13:44

settings here the standard is one or the

13:47

default sorry is one the standard

13:50

protection is three and the strict is

13:52

four so you can choose whatever you want

13:54

there it's better to go maybe with three

13:57

a bit of advice here start off with

13:59

something monitor it you can always come

14:02

back in and change it later okay so

14:04

we'll we'll look at more aggressive

14:06

again you might recognize these this is

14:08

impersonation protection so we had this

14:10

when we were setting up the standard

14:12

protection earlier but of course we're

14:14

doing everything manually now so what I

14:16

would do is click on there and we click

14:18

on manage senders like that and then

14:20

you'd add your Us in there now you can

14:22

add up to 30 350 internal and external

14:26

senders okay so I'll just add Mickey

14:28

into here click on add user type in an

14:31

email select Mickey Mouse and click on

14:33

ADD so you would add all your users into

14:36

here nice and simple we then would add

14:40

the domains in again we did that before

14:42

so include all the domains I own is a

14:44

good one and that's all the domains in

14:46

the tency and then you can include any

14:48

custom domains as well for suppliers

14:50

Partners or all other domains I'll leave

14:53

that as it is and then I'll scroll down

14:56

okay on this bit here we can add trusted

14:58

senders and and domains again we had

15:00

that before we've got a couple of other

15:02

settings here using AI so enable mailbox

15:06

intelligence and enable intelligence for

15:08

imperson impersonation protection this

15:11

is using AI determines user email

15:13

patterns with their frequent contacts so

15:16

you might say well this user always

15:17

speaks to this user so it must be okay

15:20

and we've also got that I will switch

15:22

this on as well for intelligence for

15:24

impersonation protection that is good we

15:27

will scroll down enable spoof

15:29

intelligence again we will switch that

15:31

on click on

15:33

next and then we've got some various

15:35

actions here so what do we want how do

15:37

we want Microsoft to behave when we get

15:40

these types of emails so firstly if

15:42

Microsoft receives an email and if the

15:44

message is detected as user

15:47

impersonation we've got all these

15:49

options we can redirect to someone

15:51

else's email address maybe an IT support

15:54

mailbox we can move the message into the

15:56

junk email we can quarantine the message

16:00

we can deliver the message and add maybe

16:02

an IT support email in the BCC we can

16:06

delete it before it's delivered or not

16:08

do anything and let it be delivered so

16:10

what I like to do is Select quarantine

16:13

message and then it's going to say well

16:15

what policy do you want to use and of

16:17

course we're going to use the one we

16:19

created and I basically do this for all

16:22

these actions so again I quarantine

16:27

that into that policy

16:30

I qur in this move it into the policy so

16:33

basically if Microsoft is suspecting any

16:36

of these emails for all of these what we

16:38

can do is move it to our quarantine

16:41

message again this is a useful setting

16:44

here with the rise of dmar email

16:46

security recently with the Google

16:48

changes so if the message is detected of

16:51

spoof and Demar policy is set to reject

16:54

what do you want to do do you want to

16:56

reject the message you can do that's

16:58

good ad device to do or you could choose

17:01

also to quarantine that message if you

17:03

wanted to I would choose reject this

17:05

message because that is what dmark is

17:07

all about and again for this one here

17:09

we'll also quarantine the message so

17:12

basically what I do is I want all the

17:15

messages to be stuck in the quarantine

17:17

and let the user decide what they want

17:19

to do with it we've got some more

17:21

options here these are all safety tips

17:23

that you can use so these will appear on

17:25

emails I like to switch all these on why

17:28

not Okay click on next and then just

17:31

review it and that's all okay we'll

17:34

submit that okay that's been created so

17:36

we click on done you can see that this

17:38

now is switched on priority zero so

17:41

that's in place we go back to threat

17:43

policies click on anti-spam okay when it

17:46

comes to anti-spam policies there's a

17:48

couple of policies we can create both an

17:50

inbound and an outbound so firstly let's

17:53

start with the the inbound so company

17:55

anti-pan policy inbound click on next

17:59

again who are we applying this to I'll

18:01

go ahead and put the domain in here

18:03

click on next and then we've got the

18:04

threshold so set your bulk email

18:07

threshold so a higher bulk email

18:10

threshold means more bulk email will be

18:13

delivered to the user okay so if we put

18:16

that right down to to one no email is

18:19

getting through to the user okay but I

18:21

would use that with caution okay again

18:24

going back to our settings here I've got

18:27

these settings here so the default is

18:28

seven that's quite a lot of bulk email

18:30

getting through the strict is only five

18:33

okay so you don't want to go too gungho

18:35

with this again it's something you need

18:38

to set I would set it at 5 or 6 I would

18:41

monitor it and go from there if it's

18:43

proving that too much has been held in

18:45

quarantine then you can always come back

18:48

and amend it okay we've got some other

18:50

things we can do to improve the security

18:53

so we can increase the spam score of an

18:55

email coming in if any of these are in

18:58

place so if there's a an image Link in

19:00

the email which goes to a remote site we

19:02

can go to increase the spam score or we

19:05

can set it test so that's a nice thing

19:07

to do if there is a numeric IP in a URL

19:12

again we can switch that on so what that

19:14

will do is increase the spam score which

19:17

makes it more likely to be set to for

19:20

the email to be caught in quarantine so

19:22

what you can do is you can switch all

19:24

these on if you like and you can see how

19:26

that goes again a lot of email settings

19:28

just tweaking it as you go next section

19:32

if you want we can mark all emails as

19:35

spam if they're empty so if there's

19:37

nothing in them at all we can say well

19:38

that's clearly spam and then we've got

19:40

all these settings down here that we can

19:42

change so Microsoft's recommendation is

19:45

actually to have these all switched off

19:47

again if you've got a specific need you

19:49

can switch them on but Microsoft

19:51

recommend that you you keep these on

19:53

keep these off sorry okay click on next

19:56

okay so what again back to the actions I

19:58

don't like to use the junk email folder

20:00

in Outlook I like everything to go to

20:02

quarantine okay so again I quarantine

20:06

the message and it's a familiar thing

20:08

here we're going through and and

20:09

choosing our quarantine policy high

20:11

confidence spam again let's quarantine

20:13

it let the user be the judge of that

20:16

fishing we will quarantine it again our

20:19

quarantine policy quarantine the message

20:22

there uh put our quarantine on there if

20:26

the bulk email has been met or exceeded

20:28

again and you get the idea here we're

20:30

going to quarantine everything keep that

20:32

as default how many how many days do we

20:34

want to retain spam in quarantine I like

20:36

to put this at 30 rather than 15 again

20:40

we've got some safety tips the zero hour

20:43

auto Purge is really worth having on

20:45

what can happen is if retrospectively an

20:48

email has been flagged for fishing after

20:50

it's been delivered to the to the

20:52

mailbox of the user Microsoft can go in

20:54

and take that back out of the mailbox

20:56

okay same for spam messages so again

20:59

worth having click on next click on next

21:02

we've got the allow and block list here

21:04

so we can allow certain senders certain

21:06

domains likewise we can block domains

21:09

and senders click on next this is going

21:12

to be review click on Create and our

21:14

policy has been created so click on done

21:17

okay we've now got our company inbound

21:19

policy that is good let's create an

21:21

outbound policy so why do you need an

21:24

outbound spam policy well with the

21:26

outbound spam policy you can restrict

21:28

the number of messages users send so

21:31

I've seen it before where someone's

21:32

mailbox has been hacked and what the

21:34

hacker does is just spray loads of

21:37

emails out to random people thousands of

21:39

them but what we can do in this

21:41

situation is restrict that from

21:43

happening by putting a maximum number of

21:46

emails that a user can send before they

21:48

get blocked so it's well worth having so

21:51

give firstly give it a name company

21:53

anti-spam policy outbound click on next

21:56

again apply it to your demands click on

21:59

next so here are the limits so set an

22:02

external message limit set an internal

22:04

one and set a daily message limit so

22:07

what should you set these out again

22:09

let's hop over to the Microsoft

22:11

recommendations the default is it say

22:13

zero which means it's kind of unlimited

22:15

the recommended standard you've got 500

22:18

for externals 1,000 internals and a

22:21

daily message at 1,000 that's slightly

22:23

lower with the strict again it's up to

22:26

you for this I would be nearing towards

22:29

this I mean who sends 400 emails a day

22:31

you must be very busy if you do but it's

22:33

up to you so I'll set that that 800 for

22:36

that so this is obviously more or less

22:38

the strict profile and what happens when

22:42

someone reaches the message limit so

22:44

we've got a few options we can restrict

22:46

the user from sending email until the

22:48

next day I think that's a bit pointless

22:51

we can put no action alert only I like

22:53

to use this restrict the user from

22:56

sending email and yes sometimes you get

22:59

tickets into your business if you're an

23:00

IT department to say I can't send any

23:03

emails and the first question is have

23:05

you sent more than 400 external ones

23:08

today and they might say something like

23:11

yeah I did a marketing Blast From Me

23:13

from my mailbox and that's something

23:15

that they shouldn't really be doing from

23:16

Outlook so I I restrict the user from

23:18

sending email but again it's up to you

23:21

automatic forwarding rules we can have

23:23

system control we can disable or we can

23:25

enable I like to leave that as that

23:28

again if we've got suspicious outbound

23:30

messages we can send them again you can

23:32

put maybe your it Department in there if

23:34

you like to do that and again you can

23:37

put the IT department in this one as

23:39

well so you can be notified if you want

23:41

if something's not looking Okay click on

23:44

next that's quite an easy policy click

23:46

on Create and then we've got that policy

23:49

created so we click on done so now we've

23:51

got a an inbound and an outbound click

23:54

on threat policies again the next one

23:56

we're going to tackle is anti malware

23:58

again we've got the default but we're

24:00

going to create another one so we'll

24:01

call this company antimalware policy

24:04

click on next again the demain so we'll

24:06

put that in there okay click on next

24:09

okay so this is all about sending

24:10

malware by email so the first setting

24:13

enable the common attachment filter so

24:17

all these attachments will be

24:19

quarantined as malware okay and what you

24:23

can do you can remove certain

24:25

attachments out of here so if your

24:27

company receiv some attachments for

24:29

something for maybe dobat files or

24:32

something like that you can remove them

24:34

I would advise you not to or you can add

24:37

another file attachment that you want to

24:39

block okay just keep that as it is for

24:42

now that's my

24:44

opinion what you can also do here so

24:46

we're just going to come back here onto

24:48

the reject message or quarantine the

24:50

message so if you reject the message the

24:53

person who sent it will get a message

24:55

saying sorry this can't be delivered it

24:57

conflicts with our security you can do

24:59

that if you like or you can choose

25:02

quarantine the message now this is where

25:04

I would disagree with sending it to the

25:06

user so if you quarantine the message

25:09

you can choose if you want to add it to

25:11

quarantine or admin access I think for

25:14

antimalware it needs to be done on an IT

25:17

level so a user might call you and say

25:19

I've been sent a dobat file by someone

25:22

and I can't get it it's not been

25:23

delivered and then it can look and

25:25

release it if they think it's safe but

25:28

it's up to you you can quarantine the

25:30

message or you can just reject it I'm

25:32

going to leave it as that again the Zero

25:35

Hour Purge it's similar to the settings

25:37

we talked about earlier that means if

25:39

something was delivered to the user's

25:41

mailbox and then Microsoft realized it

25:43

was malware it can pull that out of the

25:46

users's mailbox okay so that's a good

25:48

setting to have again you got all your

25:51

notifications so you can choose to

25:53

notify admin it departments etc etc with

25:57

these settings here click on next and

25:59

just review that it's a very simple

26:01

policy click on submit great that is

26:03

done so click on there and we've got our

26:06

policy there the final two too safe

26:09

attachments this is where Microsoft

26:11

scans the attachments great we've got

26:13

some standard rules in here built-in

26:15

protection let's create our own company

26:18

safe attachment policy click on next

26:21

again add the domaining click on next

26:24

okay how do we want to scan these

26:26

attachments so at the moment this says

26:28

off attachments are not going to get

26:30

scanned we can deliver the message if m

26:33

is detected and just track the results

26:35

that doesn't sound great the one that I

26:38

always go with is the dynamic delivery

26:41

so what happens is the message gets

26:43

delivered okay when the user opens the

26:46

email it says this attachment is still

26:49

being scanned it might be 30 seconds 45

26:53

seconds before that attachment is

26:55

available and all Microsoft is doing is

26:58

scanning it I think this works the best

27:00

of all again we've got a quarantine

27:03

message coming on here we can choose

27:04

different policies again for this one

27:07

here I will choose admin only and we can

27:09

redirect messages if we want somewhere

27:12

else Okay click on next very easy that

27:15

one click on submit and that creates the

27:17

policy click on done okay and the final

27:21

policy is save links okay let's create

27:24

our own policy click on next again have

27:27

the domain click on next so we've got

27:30

different settings here how do you want

27:32

to manage safe links with an email all

27:34

these are turned on leave them on this

27:36

is all good security teams Office 365

27:41

apps they're all switched on by default

27:43

we can display the organization branding

27:45

and things like that but this is just we

27:48

leave all these on it's good security

27:50

click on next now you can use a default

27:53

notification text you can use your own

27:55

if you want to display to the user I'll

27:58

just use a default click on next again

28:00

it's a very simple policy to create and

28:03

that creates it and that's it we've

28:05

created our five policies we've gone

28:07

through Defender for Office 365 great

28:09

that is how to configure Defender for

28:11

Office 365 plan one I hope you found

28:14

this video informative look forward to

28:16

see you again soon