How to set Impersonation Protection users with Preset Policies?




Microsoft suggests using preset (Standard or Strict) policies for EOP and Defender for Office. Is there a list of settings to tune after applying presets?

Recommended settings for EOP and Microsoft Defender for Office 365 security 


For example, I found that Impersonation Protection comes with ZERO protected users (I also read there is an overall 60 user limit per rule). How do I set my protected users? Microsoft link suggests:

The default anti-phishing policy in Microsoft Defender for Office 365 provides spoof protection and mailbox intelligence for all recipients. However, the other available impersonation protection features and advanced settings are not configured or enabled in the default policy. To enable all protection features, modify the default anti-phishing policy or create additional anti-phishing policies.

But I thought one cannot modify default policies. Here is how it looks in default strict settings:



3 Replies

@Sergg Did you ever find an answer to this?  Have the exact same question.

Sorry, I do not remember what was our final decision on that occasion.



I believe that for a given user you have to decide whether or not you are going to use the presets. If you use the presets, then you cannot make use of impersonated user protection at this time.
How to add Impersonation settings to anti-phishing policy if you are also using the standard preset ...