How to Set Up Defender for Office 365: A Complete Guide
Summary
TLDR: In this updated tutorial, Jonathan Edwards, the B365 guy, guides viewers through configuring Microsoft Defender for Office 365 Plan 1 for 2024. The video covers the essentials of setting up security policies for email protection, including anti-phishing, anti-spam, and anti-malware measures. Edwards explains both the easy method using preset security policies and the more advanced custom policy configuration, ensuring businesses can tailor their email security to meet specific needs. The tutorial aims to help businesses enhance their email security without being overly technical.
Takeaways
- 😀 Jonathan Edwards, known as the B365 guy, provides an updated guide on configuring Defender for Office 365 Plan 1 for 2024.
- 🛡️ Every Microsoft 365 mailbox comes with a basic level of protection called Exchange Online Protection, which includes anti-phishing, anti-spam, and anti-malware features.
- 🔒 Defender for Office 365 offers advanced email protection and is available in two plans, with most customers opting for Plan 1 due to its inclusion in Microsoft 365 Business Premium.
- 💡 Defender for Office 365 Plan 1 can be purchased as a standalone product for £164 per mailbox per month, but requires proper configuration to be effective.
- 📋 The script outlines two methods for configuring Defender for Office 365: an easy way using preset security policies and a more customized approach.
- 🔄 Preset security policies in Defender for Office 365 include built-in, standard, and strict protection levels, each with varying degrees of aggressiveness.
- 👥 Configuration allows for different levels of protection to be applied to various groups or individuals within a business, such as stricter settings for executive team members.
- 🔄 The process of setting up standard protection involves choosing who the protection applies to, configuring Defender for Office 365 features, and setting up impersonation protection.
- 📝 Detailed settings for each policy, such as anti-malware and anti-spam, are discussed, including options for handling emails that meet certain criteria.
- 🛠️ The script provides a step-by-step guide on creating custom policies for anti-phishing, anti-spam, anti-malware, and safe attachments, emphasizing the importance of tailoring these to business needs.
- ♻️ The importance of quarantine policies is highlighted, with recommendations for setting up custom quarantine policies and global settings for notifications and user access.
Q & A
What is the purpose of the video?
-The purpose of the video is to provide an updated guide on configuring Defender for Office 365 Plan 1 in 2024, as Microsoft frequently updates and adds new features.
Who is the presenter of the video?
-The presenter of the video is Jonathan Edwards, also known as the B365 guy, who specializes in Microsoft 365 for businesses worldwide.
What is the basic level of protection included with every mailbox from Microsoft 365?
-The basic level of protection included with every mailbox from Microsoft 365 is called Exchange Online Protection, which features anti-phishing, anti-spam, and anti-malware.
What are the two flavors of Defender for Office 365?
-The two flavors of Defender for Office 365 are Plan 1 and Plan 2, with most customers using Plan 1 as it comes with Microsoft 365 Business Premium.
What is the cost of buying Defender for Office 365 Plan 1 as a single product?
-The cost of buying Defender for Office 365 Plan 1 as a single product is £164 per mailbox per month.
What are the two methods to configure Defender for Office 365 mentioned in the video?
-The two methods to configure Defender for Office 365 mentioned in the video are using preset security policies (the easy way) and creating custom policies (the hard way).
What is the difference between the preset security policies and custom policies in Defender for Office 365?
-Preset security policies are pre-configured by Microsoft and involve accepting their recommendations, while custom policies allow for more control and are tailored to the specific needs of the business.
How many levels of built-in protection are mentioned in the video?
-Three levels of built-in protection are mentioned in the video: basic (built-in), standard, and strict.
What is the recommended approach for setting up anti-phishing policies in the video?
-The recommended approach is to start with a moderate level of protection, monitor it, and adjust as necessary. The video suggests starting with the 'more aggressive' setting and then customizing based on the business's needs.
What is the importance of setting up impersonation protection?
-Impersonation protection is important to safeguard senior figures in a business from cybercriminals who might pretend to be them to perform fraudulent activities, such as sending bogus emails to the finance department to extract money.
What is the Zero Hour Auto Purge feature in the context of anti-spam and anti-phishing policies?
-The Zero Hour Auto Purge feature allows Microsoft to retrospectively remove emails from a user's mailbox that were delivered but later identified as spam or phishing attempts.
What is the recommended action for handling emails detected as user impersonation?
-The recommended action for handling emails detected as user impersonation is to quarantine the message, which can then be reviewed and released by IT or admin personnel if deemed safe.
What is the purpose of creating an outbound spam policy?
-The purpose of creating an outbound spam policy is to restrict the number of messages users can send to prevent a compromised mailbox from being used to send out large volumes of spam emails.
What is the default action when an email is detected as malware?
-The default action when an email is detected as malware can be either to reject the message, which notifies the sender that it conflicts with security policies, or to quarantine the message for review by IT personnel.
What is the dynamic delivery option in safe attachments policy?
-The dynamic delivery option in the safe attachments policy allows the email to be delivered while the attachments are still being scanned for malware. The attachment becomes available once the scan is complete.
What is the recommended setting for managing safe links in emails?
-The recommended setting for managing safe links in emails is to leave all the security features turned on, including those for Office 365 apps, displaying organization branding, and using default or custom notification texts for users.
Outlines
😀 Introduction to Updating Defender for Office 365
The video script introduces the need to update a previous tutorial on configuring Defender for Office 365 due to changes and additions by Microsoft. The speaker, Jonathan Edwards, also known as the B365 guy, provides a brief introduction about his global business involvement with Microsoft 365. The script explains that while basic protection comes with every mailbox purchase, advanced protection through Defender for Office 365 is recommended, especially since many cyber attacks originate from emails. The video aims to guide viewers on configuring this advanced protection, offering both an easy preset configuration method and a more customized approach.
🔒 Configuring Basic and Advanced Email Protection Policies
This paragraph details the process of configuring basic and advanced email protection using preset security policies in Microsoft 365. It explains the difference between built-in, standard, and strict protection levels, and how to enable them through the Microsoft 365 admin center. The script also discusses the various settings included in each level, such as anti-malware, anti-spam, and anti-phishing policies, and how they can be customized for different groups within a business, such as applying stricter policies for executive team members.
🛠 Customizing Email Security Policies for Businesses
The script moves on to describe how to create custom security policies for more control over email security, beyond the preset options. It covers the steps to create new quarantine policies, set up anti-phishing rules, and configure impersonation protection. The paragraph emphasizes the importance of tailoring these policies to the specific needs of a business, including setting different levels of protection for various domains and users, and the option to allow or block certain senders and domains.
📧 Advanced Configuration of Anti-Phishing and Anti-Spam Policies
This section delves into the advanced configuration of anti-phishing and anti-spam policies, including setting up custom thresholds for what constitutes a phishing attempt and how aggressively these should be handled. The script outlines the process of creating custom policies, such as applying different levels of scrutiny to emails based on the sender's domain and the content of the email. It also discusses actions to take when suspicious emails are detected, such as quarantining or rejecting messages, and the use of AI for improved impersonation protection.
🚫 Setting Up Outbound Spam Policies and Restrictions
The paragraph discusses the importance of setting up outbound spam policies to prevent a compromised mailbox from sending out mass emails. It explains how to create an outbound spam policy that restricts the number of messages a user can send before being blocked, and the different actions that can be taken when the message limit is reached. The script also covers the options for notifying IT departments or system controls when suspicious outbound messages are detected.
✅ Finalizing Anti-Malware and Safe Links Policies
The final paragraph of the script focuses on the last two policies: anti-malware and safe links. It describes how to set up an anti-malware policy to scan and quarantine attachments that may contain malware, and the options for handling such messages, such as notifying administrators or rejecting the messages outright. The paragraph also covers the configuration of safe links policies, which involve scanning links within emails for safety, and the settings for managing these scanned links, including organization branding and user notifications.
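The custom anti-phishing, inbound anti-spam and outbound anti-spam policies outlined above can also be created with Exchange Online PowerShell, which makes the settings repeatable and reviewable. This is an added example, not something shown in the video: the domain `contoso.com`, the mailbox address, all policy names and the pre-existing quarantine policy name are placeholder assumptions, and the outbound limits are the values the transcript appears to settle on.

```powershell
# Added example (not from the video). Requires the ExchangeOnlineManagement module.
# Placeholders/assumptions: domain, mailbox address, policy names, quarantine policy name.
Connect-ExchangeOnline

$Domain     = 'contoso.com'                            # placeholder accepted domain
$Quarantine = 'Contoso Quarantine Policy'              # placeholder: custom quarantine policy created first
$Protected  = 'Mickey Mouse;mickey.mouse@contoso.com'  # "DisplayName;EmailAddress" format

# --- Anti-phishing: threshold 3 ("more aggressive"), everything suspicious to quarantine ---
$phish = @{
    Name                                = 'Contoso Anti-Phishing Policy'
    PhishThresholdLevel                 = 3
    EnableTargetedUserProtection        = $true        # user impersonation protection
    TargetedUsersToProtect              = $Protected
    TargetedUserProtectionAction        = 'Quarantine'
    TargetedUserQuarantineTag           = $Quarantine
    EnableOrganizationDomainsProtection = $true        # "include all the domains I own"
    TargetedDomainProtectionAction      = 'Quarantine'
    TargetedDomainQuarantineTag         = $Quarantine
    EnableMailboxIntelligence           = $true
    EnableMailboxIntelligenceProtection = $true        # intelligence for impersonation protection
    MailboxIntelligenceProtectionAction = 'Quarantine'
    MailboxIntelligenceQuarantineTag    = $Quarantine
    EnableSpoofIntelligence             = $true
    AuthenticationFailAction            = 'Quarantine' # spoof detected by spoof intelligence
    SpoofQuarantineTag                  = $Quarantine
    HonorDmarcPolicy                    = $true
    DmarcRejectAction                   = 'Reject'     # sender's DMARC policy is p=reject
    DmarcQuarantineAction               = 'Quarantine' # sender's DMARC policy is p=quarantine
    EnableFirstContactSafetyTips        = $true
    EnableSimilarUsersSafetyTips        = $true
    EnableSimilarDomainsSafetyTips      = $true
    EnableUnusualCharactersSafetyTips   = $true
    EnableUnauthenticatedSender         = $true
    EnableViaTag                        = $true
}
New-AntiPhishPolicy @phish
New-AntiPhishRule -Name $phish.Name -AntiPhishPolicy $phish.Name `
    -RecipientDomainIs $Domain -Priority 0

# --- Inbound anti-spam: bulk threshold 6, quarantine instead of Junk, ZAP on, 30-day retention ---
$spam = @{
    Name                             = 'Contoso Anti-Spam Policy Inbound'
    BulkThreshold                    = 6
    SpamAction                       = 'Quarantine'
    SpamQuarantineTag                = $Quarantine
    HighConfidenceSpamAction         = 'Quarantine'
    HighConfidenceSpamQuarantineTag  = $Quarantine
    PhishSpamAction                  = 'Quarantine'
    PhishQuarantineTag               = $Quarantine
    HighConfidencePhishAction        = 'Quarantine'
    HighConfidencePhishQuarantineTag = $Quarantine
    BulkSpamAction                   = 'Quarantine'
    BulkQuarantineTag                = $Quarantine
    QuarantineRetentionPeriod        = 30
    PhishZapEnabled                  = $true           # zero-hour auto purge for phishing
    SpamZapEnabled                   = $true           # zero-hour auto purge for spam
}
New-HostedContentFilterPolicy @spam
New-HostedContentFilterRule -Name $spam.Name -HostedContentFilterPolicy $spam.Name `
    -RecipientDomainIs $Domain

# --- Outbound anti-spam: cap sending so a compromised mailbox is blocked quickly ---
$outbound = @{
    Name                          = 'Contoso Anti-Spam Policy Outbound'
    RecipientLimitExternalPerHour = 400                # assumed from the transcript; tune to your tenant
    RecipientLimitInternalPerHour = 800
    RecipientLimitPerDay          = 800
    ActionWhenThresholdReached    = 'BlockUser'        # restrict the user from sending email
}
New-HostedOutboundSpamFilterPolicy @outbound
New-HostedOutboundSpamFilterRule -Name $outbound.Name `
    -HostedOutboundSpamFilterPolicy $outbound.Name -SenderDomainIs $Domain

# --- Verify what was actually applied ---
Get-AntiPhishPolicy -Identity $phish.Name |
    Format-List Name, Enabled, PhishThresholdLevel, *QuarantineTag, Dmarc*
Get-HostedContentFilterPolicy -Identity $spam.Name |
    Format-List Name, BulkThreshold, *Action, *ZapEnabled, QuarantineRetentionPeriod
Get-HostedOutboundSpamFilterPolicy -Identity $outbound.Name |
    Format-List Name, RecipientLimit*, ActionWhenThresholdReached
```

The anti-malware, Safe Attachments and Safe Links policies are not covered here; the `Get-*` output at the end is worth keeping with change records so later drift from the intended settings is easy to spot.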
Keywords
💡Defender for Office 365
💡Exchange Online Protection
💡Preset Security Policies
💡Threat Policies
💡Anti-Phishing
💡Impersonation Protection
💡Quarantine
💡Custom Policies
💡Zero Hour Auto Purge
💡Safe Attachments and Safe Links
💡Spoof Intelligence
Highlights
Introduction to the necessity of updating the video on configuring Defender for Office 365 due to Microsoft's frequent updates and feature additions.
Overview of the basic protection provided by Exchange Online Protection, including anti-phishing, anti-spam, and anti-malware.
Emphasis on the importance of advanced email protection against cyber attacks, with Defender for Office 365 being Microsoft's top offering.
Explanation of the two versions of Defender for Office 365: Plan 1 and Plan 2, with most customers opting for Plan 1.
Clarification that Defender for Office 365 requires proper configuration to work effectively for a business.
Introduction of the two methods for configuring Defender for Office 365: the easy way with preset security policies and the hard way with custom configurations.
Demonstration of applying preset security policies using Microsoft's recommendations for quick setup.
Description of the built-in, standard, and strict preset security policies and their respective levels of aggressiveness.
Guidance on how to access and navigate the Microsoft 365 admin center to configure threat policies.
Step-by-step instruction on applying different levels of protection to specific groups or domains within an organization.
Discussion on the settings included in preset policies, such as anti-malware and anti-spam policy settings.
Explanation of how to customize protection levels for impersonation protection to safeguard senior figures in a business.
Tutorial on creating custom policies for more control over email security, beyond the preset options.
Details on configuring quarantine policies, including recipient message access and notification settings.
How to create and apply custom anti-phishing, anti-spam, anti-malware, safe attachments, and safe links policies tailored to business needs.
Importance of monitoring and adjusting custom policies based on their impact and effectiveness.
Final thoughts on the comprehensive configuration process of Defender for Office 365 to ensure robust email security.
Transcripts
now a while ago I created a video called
configuring Defender for Office 365 plan
one but Microsoft have got a bit of a
habit of changing things and adding new
features so that video is a bit out of
date so today's video is configuring
Defender for Office 365 plan 1 2024 but
before we start just a quick intro my
name is Jonathan Edwards also known as
the B365 guy I help businesses all over
the world with their Microsoft 365 you
can get more information at be 365 guy
Toom now with every mailbox that you buy
from Microsoft 365 you do get a very
basic level of protection this is called
exchange online protection and it
features things like anti-phishing anti-spam
and anti-malware however a lot of
cyber attacks originate from email so if
there's better protection out there from
Microsoft you should be getting it and
Defender for Office 365 is the best
protection for email that Microsoft
offer now Defender for Office 365 does
come in two flavors there's plan one and
there's plan two most of our customers
use plan one because plan one comes with
Microsoft 365 business premium if you
want you can buy Defender for Office 365
plan one as a single product this
costs
£164 per mailbox per month but the thing
is you can't just buy the license and
Defender for Office 365 just starts
working no no no no no you've got to
configure it and you've got to configure
it the right way for your business now
there are a couple of ways that you can
configure it there's an easy way where
you just basically go through the
settings and accept Microsoft
recommendations or if that doesn't suit
you there's a hard way and lucky for you
I'm going to show you both in today's
video let's start with the easy way
these are called preset security
policies and we're basically just
accepting Microsoft's
recommendations let me show you how to
do that so I'm logged into the Microsoft
365 admin Center in my test tenant what I
need to do to start with is go to admin
centers and then click on security now
once that has launched we can see here
this is email and collaboration and this
is where Defender for Office 365 lives
so I click on that drop-down arrow there
and go to policies and rules and go to
threat
policies now to begin with we're going
to look at the Microsoft preset security
policies so I'll look at that and you
can see I've got three blocks here I've
got some built-in protection now this is
as the name suggests it's built in this is
a basic level of protection that will
come switched on with the Microsoft
365 tenancy we've also then got standard
protection and strict protection now
these are usually a bit more aggressive
than the built-in protection so you've
got more features now you can see that
both of these are switched off and you
can also see it's fairly easy to switch
them on and I'm going to go through
those settings in a moment but you might
be wondering what's included in the
built-in protection what's included in
the standard protection when you switch
it on and likewise the strict
protection so we're going to have a look
at this web page here and I will link
this below the video here's all the
settings that are included in the preset
policies I can scroll down and the first
section here is the anti-malware and you
can see we've got all the settings there
I'm just going to scroll down to the
anti-spam policy settings again if I
expand this table you can see along the
top we've got the default the standard
and the strict so let's have a look at a
setting here bulk email threshold okay
with the default that is set to seven so
that's going to allow more bulk email
through with the standard it's set to
six it's going to allow less bulk email
through and the strict is set to five so
a lot more bulk email will get caught in
the quarantine so that is one setting
we've looked at but there's an awful lot
of settings for example if Microsoft
thinks that an email is phishing with the
standard or with the default that's
going to move that email to the junk
email folder but with the standard and
the strict it's actually going to
quarantine that email it's not going to
put that anywhere near Microsoft Outlook
so you can have a look at all these
settings and you can decide which is the
right level of protection for you and
again these are just standard policies
we can't change any of these so if I go
back to here it's worth noting you don't
have to choose one level of protection
for everyone in your business let me
explain we might decide that the people
in the executive team or the managing
director the chief executive we want to
enroll them with strict protection and
everyone else in the business we're okay
with standard protection we can
absolutely do that so let's look at the
standard protection here so click on
here now the first thing we do is look
at exchange online protection so
exchange online protection is anti-spam
anti-malware and anti-phishing so who do
we want to apply this to so at the
moment it says nobody or I can choose
specific recipients so here I can choose
individual users I can look at
individual groups so if I've got a group
called management or executive I could
add that group in here or I can choose
different domains so I might have
different domains within my tenancy and I
can add different levels of protection
per domain but for the purpose of this
tutorial let's just go with all
recipients I'll click on next and then
it's going to ask us about the defender
for 365 protection so Defender for
Office 365 is the advanced stuff things
like safe attachments and safe links
you'll see these in more detail later so
again I can apply this protection to
previously selected recipients so if I
have chosen some groups and some users
in the last setting it will be quicker
just to carry those settings over I can
do specific recipients again different
recipients or I can choose all
recipients again click on next and then
we're going to look at impersonation
protection so that is when someone
pretends to be someone in your business
usually a senior figure so if I'm a
cyber criminal I might pretend to be
your CEO I might create a bogus email
and I might send it to the finance
department to try and get money out of
you so who do you want to protect when
it comes to impersonation now here it's
best to manually add all the users in
your business who you want to protect
usually it's senior figures so what I
would do here I would click in this
email choose the user Mickey Mouse and
simply click on ADD so Mickey Mouse is
protected with impersonation click on
next and then we want to look at
the domains as well so we want to add
all the domains that we own and also
our key suppliers and partners so if
we're dealing with specific customers
all of the time let's add the domain in
here but I will just add my car domain
Okay click on ADD and I'll add that in
there click on next now on here we've
got the ability to add trusted email
addresses and domains so Microsoft do
not even flag it as
impersonation okay so you can add them
in here now a good tip here I've seen it
before where a CEO of a business used
his personal email address to email his
work email address perhaps out of hours
or something like that and because he
obviously had the same name Microsoft
flagged that up as impersonation so he
got pretty annoyed that every time he
emailed from his private email address
into his work email address the email
was getting caught in quarantine so what
he could have done here is just add his
email address in here personal one Okay
click on next and then we can turn the
policy on when finished or we can leave
it turned off click on next and there it
is so I would click on confirm got a lot
of green ticks click on done you can see
that that is switched on so that is as
easy as that the same basically applies
to strict protection you can go through
it's the same settings that you choose
but you're just getting a different
level of protection okay so I won't go
through all of those
that is basically how to apply the
preset policies now you can see
configuring Defender for Office 365
using Microsoft's recommendations only
takes a few minutes but what if the
preset security policies don't suit your
business or what if you want more
control over your email security well to
do that you can't use the preset
policies you've got to go in and you've
got to create all your own policies do
you want me to show you how to do that
okay let's go okay so we're back in the
threat policies screen now the first
thing I like to do before I start
configuring these five policies here I
go into the quarantine policies and what
I do is I create a new quarantine policy
for the customer that I'm working with
just before I do that you can click into
global settings here and there are a few
things that you can do so you can set a
display name so these are the the emails
that people received let them know that
some emails have been stuck in
quarantine you can choose a subject you
can choose the language and you can even
upload the company logo I think it's
well worth doing because it just makes
that email look a little bit more
personalized what I also do here so send
end user spam notifications it's set at
Daily I like to put within 4 hours I
think it's important people receive them
quickly I will click on save for that
okay click on okay just close that out
there
okay next up we're going to add a custom
quarantine policy now just give this
policy a name might be something like
that you can call it whatever you want
but click on
next and then we've got the recipient
message access so if I just choose on
limited access it tells us what that is
so what access do we want the recipients
of these quarantine emails to be able to
do with the quarantine emails so when we
look at limited access what they can do
is they can preview the message they can
request message releases they can delete
messages and they can allow certain
senders but with limited access
recipients can't release messages from
quarantine so it has to be done at an IT
level or an admin level okay now if I
look at the set specific access this is
Advanced so the release action
preference allow recipients to request a
message or allow recipients to release a
message I prefer this I like to give
more control to the end user I like to
educate them on cyber security but then
fundamentally give them the control you
might agree with that you might disagree
with that either is okay and then we can
select additional access that recipients
can take so they can delete they can
preview block senders and allow senders
that is how I set it up I click on next
we're going to enable this notification
okay and this is an option here that we
can include or don't include quarantined
messages from block sender so I will
keep that as don't and click on next
I've got that summary and I click on
submit okay I got some nice green ticks
click on done and you can see that my
quarantine policy is now there so I can
head back here now to the threat
policies and what I've got to do now for
the rest of this video we're going to
create these different policies so we'll
start off with anti-phishing click on
there okay we've got these default
policies here that we discussed earlier
so the default one the built-in is
always on the standard one which we
switched on is now switched off so I'm
going to create my own policy so that
stands for company anti-phishing policy
again you can call it what you want
we're going to click on next again we've
got this screen here who are we applying
this to okay this time we've not got an
option to select all users or anything
like that so what I do here is just list
all the domains in the tenancy it depends
who you're applying it to but if it's
just one domain in one tenancy I can apply
to that domain like that okay but list
them all in there click on next okay so
the phishing threshold and protection
we've got to choose what level of
protection we want we've got one
standard we've got two aggressive we've
got more aggressive and we've got most
aggressive so with the most aggressive
it says here messages that are
identified as phishing with a low medium
or high degree of confidence so for
example Microsoft might say I think this
email is phishing but it might not be
I've got low confidence well that will
be trapped at most aggressive and you
can come down the ladder here it might
be helpful to go back to our page
here so this was the phishing
settings here the standard is one or the
default sorry is one the standard
protection is three and the strict is
four so you can choose whatever you want
there it's better to go maybe with three
a bit of advice here start off with
something monitor it you can always come
back in and change it later okay so
we'll we'll look at more aggressive
again you might recognize these this is
impersonation protection so we had this
when we were setting up the standard
protection earlier but of course we're
doing everything manually now so what I
would do is click on there and we click
on manage senders like that and then
you'd add your users in there now you can
add up to 30 350 internal and external
senders okay so I'll just add Mickey
into here click on add user type in an
email select Mickey Mouse and click on
ADD so you would add all your users into
here nice and simple we then would add
the domains in again we did that before
so include all the domains I own is a
good one and that's all the domains in
the tency and then you can include any
custom domains as well for suppliers
Partners or all other domains I'll leave
that as it is and then I'll scroll down
okay on this bit here we can add trusted
senders and domains again we had
that before we've got a couple of other
settings here using AI so enable mailbox
intelligence and enable intelligence for
impersonation protection this
is using AI determines user email
patterns with their frequent contacts so
you might say well this user always
speaks to this user so it must be okay
and we've also got that I will switch
this on as well for intelligence for
impersonation protection that is good we
will scroll down enable spoof
intelligence again we will switch that
on click on
next and then we've got some various
actions here so what do we want how do
we want Microsoft to behave when we get
these types of emails so firstly if
Microsoft receives an email and if the
message is detected as user
impersonation we've got all these
options we can redirect to someone
else's email address maybe an IT support
mailbox we can move the message into the
junk email we can quarantine the message
we can deliver the message and add maybe
an IT support email in the BCC we can
delete it before it's delivered or not
do anything and let it be delivered so
what I like to do is Select quarantine
message and then it's going to say well
what policy do you want to use and of
course we're going to use the one we
created and I basically do this for all
these actions so again I quarantine
that into that policy
I quarantine this move it into the policy so
basically if Microsoft is suspecting any
of these emails for all of these what we
can do is move it to our quarantine
message again this is a useful setting
here with the rise of DMARC email
security recently with the Google
changes so if the message is detected as
spoof and DMARC policy is set to reject
what do you want to do do you want to
reject the message you can do that's
good advice to do or you could choose
also to quarantine that message if you
wanted to I would choose reject this
message because that is what DMARC is
all about and again for this one here
we'll also quarantine the message so
basically what I do is I want all the
messages to be stuck in the quarantine
and let the user decide what they want
to do with it we've got some more
options here these are all safety tips
that you can use so these will appear on
emails I like to switch all these on why
not Okay click on next and then just
review it and that's all okay we'll
submit that okay that's been created so
we click on done you can see that this
now is switched on priority zero so
that's in place we go back to threat
policies click on anti-spam okay when it
comes to anti-spam policies there's a
couple of policies we can create both an
inbound and an outbound so firstly let's
start with the the inbound so company
anti-spam policy inbound click on next
again who are we applying this to I'll
go ahead and put the domain in here
click on next and then we've got the
threshold so set your bulk email
threshold so a higher bulk email
threshold means more bulk email will be
delivered to the user okay so if we put
that right down to one no email is
getting through to the user okay but I
would use that with caution okay again
going back to our settings here I've got
these settings here so the default is
seven that's quite a lot of bulk email
getting through the strict is only five
okay so you don't want to go too gung-ho
with this again it's something you need
to set I would set it at 5 or 6 I would
monitor it and go from there if it's
proving that too much has been held in
quarantine then you can always come back
and amend it okay we've got some other
things we can do to improve the security
so we can increase the spam score of an
email coming in if any of these are in
place so if there's an image link in
the email which goes to a remote site we
can go to increase the spam score or we
can set it to test so that's a nice thing
to do if there is a numeric IP in a URL
again we can switch that on so what that
will do is increase the spam score which
makes it more likely to be set to for
the email to be caught in quarantine so
what you can do is you can switch all
these on if you like and you can see how
that goes again a lot of email settings
just tweaking it as you go next section
if you want we can mark all emails as
spam if they're empty so if there's
nothing in them at all we can say well
that's clearly spam and then we've got
all these settings down here that we can
change so Microsoft's recommendation is
actually to have these all switched off
again if you've got a specific need you
can switch them on but Microsoft
recommend that you you keep these on
keep these off sorry okay click on next
okay so what again back to the actions I
don't like to use the junk email folder
in Outlook I like everything to go to
quarantine okay so again I quarantine
the message and it's a familiar thing
here we're going through and and
choosing our quarantine policy high
confidence spam again let's quarantine
it let the user be the judge of that
phishing we will quarantine it again our
quarantine policy quarantine the message
there uh put our quarantine on there if
the bulk email has been met or exceeded
again and you get the idea here we're
going to quarantine everything keep that
as default how many how many days do we
want to retain spam in quarantine I like
to put this at 30 rather than 15 again
we've got some safety tips the zero hour
auto Purge is really worth having on
what can happen is if retrospectively an
email has been flagged for phishing after
it's been delivered to the to the
mailbox of the user Microsoft can go in
and take that back out of the mailbox
okay same for spam messages so again
worth having click on next click on next
we've got the allow and block list here
so we can allow certain senders certain
domains likewise we can block domains
and senders click on next this is going
to be review click on Create and our
policy has been created so click on done
okay we've now got our company inbound
policy that is good let's create an
outbound policy so why do you need an
outbound spam policy well with the
outbound spam policy you can restrict
the number of messages users send so
I've seen it before where someone's
mailbox has been hacked and what the
hacker does is just spray loads of
emails out to random people thousands of
them but what we can do in this
situation is restrict that from
happening by putting a maximum number of
emails that a user can send before they
get blocked so it's well worth having so
give firstly give it a name company
anti-spam policy outbound click on next
again apply it to your domains click on
next so here are the limits so set an
external message limit set an internal
one and set a daily message limit so
what should you set these at again
let's hop over to the Microsoft
recommendations the default is it says
zero which means it's kind of unlimited
the recommended standard you've got 500
for externals 1,000 internals and a
daily message at 1,000 that's slightly
lower with the strict again it's up to
you for this I would be nearing towards
this I mean who sends 400 emails a day
you must be very busy if you do but it's
up to you so I'll set that that 800 for
that so this is obviously more or less
the strict profile and what happens when
someone reaches the message limit so
we've got a few options we can restrict
the user from sending email until the
next day I think that's a bit pointless
we can put no action alert only I like
to use this restrict the user from
sending email and yes sometimes you get
tickets into your business if you're an
IT department to say I can't send any
emails and the first question is have
you sent more than 400 external ones
today and they might say something like
yeah I did a marketing blast from me
from my mailbox and that's something
that they shouldn't really be doing from
Outlook so I I restrict the user from
sending email but again it's up to you
automatic forwarding rules we can have
system control we can disable or we can
enable I like to leave that as that
again if we've got suspicious outbound
messages we can send them again you can
put maybe your IT department in there if
you like to do that and again you can
put the IT department in this one as
well so you can be notified if you want
if something's not looking Okay click on
next that's quite an easy policy click
on Create and then we've got that policy
created so we click on done so now we've
got a an inbound and an outbound click
on threat policies again the next one
we're going to tackle is anti-malware
again we've got the default but we're
going to create another one so we'll
call this company antimalware policy
click on next again the domain so we'll
put that in there okay click on next
okay so this is all about sending
malware by email so the first setting
enable the common attachment filter so
all these attachments will be
quarantined as malware okay and what you
can do you can remove certain
attachments out of here so if your
company receives some attachments for
something for maybe .bat files or
something like that you can remove them
I would advise you not to or you can add
another file attachment that you want to
block okay just keep that as it is for
now that's my
opinion what you can also do here so
we're just going to come back here onto
the reject message or quarantine the
message so if you reject the message the
person who sent it will get a message
saying sorry this can't be delivered it
conflicts with our security you can do
that if you like or you can choose
quarantine the message now this is where
I would disagree with sending it to the
user so if you quarantine the message
you can choose if you want to add it to
quarantine or admin access I think for
antimalware it needs to be done on an IT
level so a user might call you and say
I've been sent a .bat file by someone
and I can't get it it's not been
delivered and then IT can look and
release it if they think it's safe but
it's up to you you can quarantine the
message or you can just reject it I'm
going to leave it as that again the Zero
Hour Purge it's similar to the settings
we talked about earlier that means if
something was delivered to the user's
mailbox and then Microsoft realized it
was malware it can pull that out of the
user's mailbox okay so that's a good
setting to have again you got all your
notifications so you can choose to
notify admin IT departments etc etc with
these settings here click on next and
just review that it's a very simple
policy click on submit great that is
done so click on there and we've got our
policy there the final two too safe
attachments this is where Microsoft
scans the attachments great we've got
some standard rules in here built-in
protection let's create our own company
safe attachment policy click on next
again add the domain in click on next
okay how do we want to scan these
attachments so at the moment this says
off attachments are not going to get
scanned we can deliver the message if malware
is detected and just track the results
that doesn't sound great the one that I
always go with is the dynamic delivery
so what happens is the message gets
delivered okay when the user opens the
email it says this attachment is still
being scanned it might be 30 seconds 45
seconds before that attachment is
available and all Microsoft is doing is
scanning it I think this works the best
of all again we've got a quarantine
message coming on here we can choose
different policies again for this one
here I will choose admin only and we can
redirect messages if we want somewhere
else Okay click on next very easy that
one click on submit and that creates the
policy click on done okay and the final
policy is Safe Links okay let's create
our own policy click on next again have
the domain click on next so we've got
different settings here how do you want
to manage safe links with an email all
these are turned on leave them on this
is all good security teams Office 365
apps they're all switched on by default
we can display the organization branding
and things like that but this is just we
leave all these on it's good security
click on next now you can use a default
notification text you can use your own
if you want to display to the user I'll
just use a default click on next again
it's a very simple policy to create and
that creates it and that's it we've
created our five policies we've gone
through Defender for Office 365 great
that is how to configure Defender for
Office 365 plan one I hope you found
this video informative look forward to
see you again soon
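
The outbound spam policy from the walkthrough above, written as Exchange Online PowerShell so it can be reviewed, repeated and read back. This is an added example, not part of the video or its transcript; the domain `contoso.com` and the address `secops@contoso.com` are placeholders, and the limits (400 external, 800 internal, 800 daily) and the policy name are the ones mentioned in the transcript.

```powershell
# Added example, not from the video. Requires the ExchangeOnlineManagement
# module and a role that can manage anti-spam policies.
# Placeholders (assumptions): contoso.com and secops@contoso.com.
Connect-ExchangeOnline

$policyName = 'Company anti-spam policy outbound'
$domain     = 'contoso.com'
$notify     = 'secops@contoso.com'

$settings = @{
    # The cmdlet counts the external and internal limits per hour,
    # and the third limit per day.
    RecipientLimitExternalPerHour = 400
    RecipientLimitInternalPerHour = 800
    RecipientLimitPerDay          = 800
    # BlockUser       = restrict the user until an admin unblocks them
    # BlockUserForToday = restrict until the following day
    # Alert           = no action, alert only
    ActionWhenThresholdReached    = 'BlockUser'
    # Automatic = "system-controlled" automatic forwarding
    AutoForwardingMode            = 'Automatic'
    # Copy suspicious outbound mail and block notifications to the IT mailbox
    BccSuspiciousOutboundMail                 = $true
    BccSuspiciousOutboundAdditionalRecipients = $notify
    NotifyOutboundSpam                        = $true
    NotifyOutboundSpamRecipients              = $notify
}

# Create the policy if it is missing, otherwise bring it back to these values.
if (Get-HostedOutboundSpamFilterPolicy -Identity $policyName -ErrorAction SilentlyContinue) {
    Set-HostedOutboundSpamFilterPolicy -Identity $policyName @settings
} else {
    New-HostedOutboundSpamFilterPolicy -Name $policyName @settings
    # The rule is what scopes the policy to senders in the domain.
    New-HostedOutboundSpamFilterRule -Name $policyName `
        -HostedOutboundSpamFilterPolicy $policyName `
        -SenderDomainIs $domain
}

# Read back what is actually configured.
Get-HostedOutboundSpamFilterPolicy -Identity $policyName |
    Format-List Name, RecipientLimit*, ActionWhenThresholdReached,
                AutoForwardingMode, Bcc*, Notify*
Get-HostedOutboundSpamFilterRule -Identity $policyName |
    Format-List Name, State, Priority, SenderDomainIs
```

Running the read-back section on a schedule and comparing it with the intended values shows when a limit or the threshold action has been changed in the portal.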