About Microsoft 365 Defender Policies & Rules

Software_C · ‎Mar 23 2022

Hi Everyone,

There are a few issues with Microsoft 365 defender.

What policies and rules should I add to or add to other than Microsoft's default policies and rules?

Suggestions about the following policies & rules for example
1- Threat policies
2- Alert policies
3- Activity alerts

My other question is at what degree should I keep the Phishing threshold in microsoft 365 defender. Standard Or Aggressive What are the differences between the two.

Thanks for your answers.

Ash_Gardiner · ‎May 22 2022

Hi @Software_C,

First question - It really depends on what you are trying to protect against. If you need more than Microsoft's defaults to address a risk scenario, yes, you have to add policies and rules to address them. Do you have a specific concern that is not addressed by an MS default? If not, follow the security principle of "keep it simple" and use what Microsoft has provided.

Second question - The differences between standard and strict values can be seen here.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for...

Microsoft's suggested use cases are:
Standard protection: A baseline protection profile that's suitable for most users.
Strict protection: A more aggressive protection profile for selected users (high value targets or priority users).

Thanks, Ash

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

About Microsoft 365 Defender Policies & Rules

About Microsoft 365 Defender Policies & Rules

Re: About Microsoft 365 Defender Policies & Rules