(81) Microsoft Defender for Office 365 - Preset security policies

As part of a recent engagement, I was involved with setting this up for a customer.

What is Preset security policies?

Preset security policies apply protection features to users based on Microsoft recommended settings. Unlike custom policies that are infinitely configurable, virtually all of the settings in preset security policies aren't configurable, and are based on our observations in the datacenters. The settings in preset security policies provide a balance between keeping harmful content away from users while avoiding unnecessary disruptions

How many security policies are there?

There are three security policies:

• Standard preset security policy

• Strict preset security policy

• Built-in protection preset security policy (default policies for Safe Attachments and Safe Links protection in Defender for Office 365)

How do I get there?

1. Navigating to https://security.microsoft.com/ then under Email & collaboration then select Polices & rules then select Threat policies then select Preset security policies.

2. By default, it will have "Built-in protection" set.

3. If this the first time on the Preset security policies page, select Standard protection. Select Next.

4. Under Defender for Office 365 protection, select All recipients then select Next.

5. Under Impersonation protection, select Next.

Add any protected custom users, custom domains and trusted senders and domains. Then select Next.

6. Under Policy mode, select Turn on the policy when finished.

7. Under Review, select Confirm.

8. It will now show Standard protection is on.

What are the differences between Standard vs Strict?