Jul 06 2021 08:52 AM
Hello all
I am fairly new to Defender for O365. I am the cloud admin for a small company, roughly 1000 accounts. We are moving from Mimecast to Defender for O365. I read the article regarding preset security policies and thought this would be a good place to start, so I enabled the standard policy for all the domains we host. Considering you cannot edit a preset policy, I had to edit the default policy to fill in the gaps to account for things like safe senders, blocked senders, safe domains and blocked domains. Is this the correct strategy to use? From my understanding the preset security policy will take precedence. How does the precedence work? If I create safe senders in the default anti-spam policy, will these settings take effect even though the safe senders are not mentioned in the Standard preset security policy?
Jul 06 2021 08:56 AM
Solution
Jul 06 2021 08:59 AM
Jul 06 2021 09:43 AM
Jul 06 2021 10:20 AM
Jul 06 2021 01:02 PM
Hello @Skipster311-1, thanks for your feedback and question:
@pvanberlo is correct that precedence works in the following order from highest priority to lowest priority and it applies down to the security control level:
That means, for example, if a security control/setting exists in Standard and admin has enabled it for a user, then it would be applied instead of what is configured for the setting in a custom policy or in the default policy if they are scoped to the same user. Note: you may have some portion of your org that you want to apply the standard/strict presets only and then for the others in your org you may apply a custom policy to meet specific use cases.
Today, we don't allow for customizations in the preset security policies (standard/strict) as the goal for presets is to require minimal admin effort to apply -- enable it and you've got all of the recommended security controls turned on. Any time we add any new controls, those will be automatically added in the preset security policies.
We will add this clarification to the MS doc page: Preset security policies - Office 365 | Microsoft Docs. Also, wanted to mention we are working on several improvements to make this configuration process easier. Thanks for the feedback!
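A read-only way to see which recipients each policy type is scoped to, and where sender allow/block lists are defined, as an added example that is not part of the original replies. It assumes the ExchangeOnlineManagement module and a session already opened with `Connect-ExchangeOnline`.

```powershell
# Added example: read-only audit of policy scoping in Exchange Online PowerShell.
# Assumption: a session is already open (Connect-ExchangeOnline) with permission
# to read anti-spam and protection policy rules. Nothing here changes settings.

# 1. Preset security policy rules (Standard/Strict): state and recipient scope.
$presetRules = @(Get-EOPProtectionPolicyRule) + @(Get-ATPProtectionPolicyRule)
$presetRules |
    Select-Object Name, State, Priority, SentTo, SentToMemberOf, RecipientDomainIs |
    Format-List

# 2. Custom anti-spam rules, sorted by priority (0 is the highest among custom rules).
Get-HostedContentFilterRule |
    Sort-Object Priority |
    Select-Object Name, State, Priority, HostedContentFilterPolicy,
                  SentTo, SentToMemberOf, RecipientDomainIs |
    Format-List

# 3. Size of the sender allow/block lists in every anti-spam policy,
#    including the default policy (IsDefault = True).
Get-HostedContentFilterPolicy |
    Select-Object Name, IsDefault,
        @{ Name = 'AllowedSenders';       Expression = { @($_.AllowedSenders).Count } },
        @{ Name = 'AllowedSenderDomains'; Expression = { @($_.AllowedSenderDomains).Count } },
        @{ Name = 'BlockedSenders';       Expression = { @($_.BlockedSenders).Count } },
        @{ Name = 'BlockedSenderDomains'; Expression = { @($_.BlockedSenderDomains).Count } } |
    Format-Table -AutoSize
```

Recipients matched by an enabled preset rule in step 1 are the ones for whom the precedence described above decides whether the lists counted in step 3 are evaluated.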
Jul 07 2021 08:44 AM
Dec 03 2021 03:39 AM
Jan 06 2022 08:41 AM
@Skipster311-1, it's been some time since you made these changes. Curious to ask how your experience is going? I am also evaluating the necessity of keeping our inbound filter and going native with EOP abilities.
Mar 15 2022 01:45 PM
In case folks are still coming across this topic, this documentation might help: Documentation article: Order and precedence of email protection.
More holistic within this topic’s theme, the Microsoft Defender for Office 365 (MDO) setup guide in the M365 Admin Center contains step-by-step guidance on deploying MDO.
The MDO setup guide simplifies deployment of MDO.
Note: If you don't have Microsoft 365 admin permissions, open the guide in a test or POC tenant to get instructions.