About Microsoft 365 Defender Policies & Rules

New Contributor

Hi Everyone,

 

There are a few issues with Microsoft 365 defender.

 

What policies and rules should I add to or add to other than Microsoft's default policies and rules?

 

Suggestions about the following policies & rules for example
1- Threat policies
2- Alert policies
3- Activity alerts

 

My other question is at what degree should I keep the Phishing threshold in microsoft 365 defender. Standard Or Aggressive What are the differences between the two.

 

Thanks for your answers.

1 Reply
Hi @Software_C,

First question - It really depends on what you are trying to protect against. If you need more than Microsoft's defaults to address a risk scenario, yes, you have to add policies and rules to address them. Do you have a specific concern that is not addressed by an MS default? If not, follow the security principle of "keep it simple" and use what Microsoft has provided.

Second question - The differences between standard and strict values can be seen here.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for...

Microsoft's suggested use cases are:
Standard protection: A baseline protection profile that's suitable for most users.
Strict protection: A more aggressive protection profile for selected users (high value targets or priority users).

Thanks, Ash