About Microsoft 365 Defender Policies & Rules

Hi Everyone,


There are a few issues with Microsoft 365 Defender.


What policies and rules should I add other than Microsoft's default policies and rules?


Suggestions about the following policies & rules, for example:
1- Threat policies
2- Alert policies
3- Activity alerts


My other question is: at what degree should I keep the phishing threshold in Microsoft 365 Defender, Standard or Aggressive? What are the differences between the two?


Thanks for your answers.

1 Reply
Hi @Software_C,

First question - It really depends on what you are trying to protect against. If you need more than Microsoft's defaults to address a risk scenario, yes, you have to add policies and rules to address them. Do you have a specific concern that is not addressed by an MS default? If not, follow the security principle of "keep it simple" and use what Microsoft has provided.

Second question - The differences between standard and strict values can be seen here.

Microsoft's suggested use cases are:
Standard protection: A baseline protection profile that's suitable for most users.
Strict protection: A more aggressive protection profile for selected users (high value targets or priority users).

Thanks, Ash