How to set Impersonation Protection users with Preset Policies?

%3CLINGO-SUB%20id%3D%22lingo-sub-2242326%22%20slang%3D%22en-US%22%3EHow%20to%20set%20Impersonation%20Protection%20users%20with%20Preset%20Policies%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2242326%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMicrosoft%20suggesting%20using%20preset%20(Standard%20or%20Strict)%20policies%20for%20EOP%20and%20Defender%20for%20Office.%20Is%20there%20a%20list%20of%20settings%20to%20tune%20after%20applying%20presets%3F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Frecommended-settings-for-eop-and-office365%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ERecommended%20settings%20for%20EOP%20and%20Microsoft%20Defender%20for%20Office%20365%20security%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20example%26nbsp%3B%20found%20that%20Impersonation%20Protection%20cone%20with%20ZERO%20protected%20users%20(i%20also%20read%20there%20is%20an%20overall%2060%20user%20limit%20per%20rule).%20How%20do%20i%20set%20my%20protected%20users%3F%20Microsoft%20link%20suggests%3A%3C%2FP%3E%3CP%20class%3D%22lia-indent-padding-left-30px%22%3EThe%20default%20anti-phishing%20policy%20in%20Microsoft%20Defender%20for%20Office%20365%20provides%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fset-up-anti-phishing-policies%3Fview%3Do365-worldwide%23spoof-settings%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Espoof%20protection%3C%2FA%3E%20and%20mailbox%20intelligence%20for%20all%20recipients.%20However%2C%20the%20other%20available%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Frecommended-settings-for-eop-and-office365%3Fview%3Do365-worldwide%23impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eimpersonation%20protection%3C%2FA%3E%20features%20and%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Frecommended-settings-for-eop-and-office365%3Fview%3Do365-worldwide%23advanced-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eadvanced%20settings%3C%2FA%3E%20are%20not%20configured%20or%20enabled%20in%20the%20default%20policy.%20%3CSTRONG%3ETo%20enable%20all%20protection%20features%2C%20modify%20the%20default%20anti-phishing%20policy%3C%2FSTRONG%3E%20or%20create%20additional%20anti-phishing%20policies.%3C%2FP%3E%3CP%3EBut%20i%20thought%20one%20can%20not%20modify%20default%20policies.%20Here%20is%20how%20it%20looks%20in%20default%20strict%20settings%3A%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Sergg_0-1617017608196.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267889iCCAF84ACD345EDC1%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Sergg_0-1617017608196.png%22%20alt%3D%22Sergg_0-1617017608196.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2242326%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2657099%22%20slang%3D%22en-US%22%3ERe%3A%20How%20to%20set%20Impersonation%20Protection%20users%20with%20Preset%20Policies%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2657099%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F283216%22%20target%3D%22_blank%22%3E%40Sergg%3C%2FA%3E%26nbsp%3BDid%20you%20ever%20find%20an%20answer%20to%20this%3F%26nbsp%3B%20Have%20the%20exact%20same%20question.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hello,

 

Microsoft suggesting using preset (Standard or Strict) policies for EOP and Defender for Office. Is there a list of settings to tune after applying presets?

Recommended settings for EOP and Microsoft Defender for Office 365 security 

 

For example  found that Impersonation Protection cone with ZERO protected users (i also read there is an overall 60 user limit per rule). How do i set my protected users? Microsoft link suggests:

The default anti-phishing policy in Microsoft Defender for Office 365 provides spoof protection and mailbox intelligence for all recipients. However, the other available impersonation protection features and advanced settings are not configured or enabled in the default policy. To enable all protection features, modify the default anti-phishing policy or create additional anti-phishing policies.

But i thought one can not modify default policies. Here is how it looks in default strict settings:

Sergg_0-1617017608196.png

 

2 Replies

@Sergg Did you ever find an answer to this?  Have the exact same question.

Sorry, I do not remember what was our final decision on that occasion.