SOLVED

How to Apply EOP / Defender protections to All Users?


When enabling a preset security policy, I'm prompted to choose who to apply EOP Protections to and who to apply Defender Protections to (screenshot below).  For either of these, how do I select "all users" or "everyone"?  I could possibly do it by domain, but I have about 15 domains I'd need to enter, which I can do but I'm wondering if there are aliases I can enter that represent all users.

 

apply_protection_to.png

 

4 Replies
best response confirmed by benamada (Copper Contributor)
Solution
No, the only way to target all users is to use the domains. The best practice is to enter all the domains you own, in your case, all 15.

Thanks Joe, it's good to know that's a "normal" approach; I wasn't sure how people go about this. I also found I have a company-wide distribution group of active users that I think can be used for this.

I ended up going a different direction and decided to use the Configuration Analyzer to get recommendations on policy updates, and make individual updates rather than using the Preset Security Policies. This allows us to deviate a bit on a couple of policies that we'd prefer not to use under the Preset Security Policies.

One other question that came to mind, but again I don't need an answer for since I won't be using the Preset Security Policies, is whether you need to select users for EOP protection if you'll be adding all users to Defender protection. I believe EOP is standard protection where Defender protection builds on top of EOP. If I didn't select anyone to apply EOP Protection to, but added everyone to Defender Protection, does that mean those users will all be receiving EOP Protection too? Or do I need to add all users to both EOP and Defender protection? Again, I no longer need to know this, but it'd be nice if the UI made this clearer. Maybe it does once you go through the setup process.

Thanks again for responding.

I’ll answer for the benefit of others who may have the same question.
EOP and MDO user scopes are independent. If someone is scoped for one, it does not include the other.

@Joe Stocker @benamada Confirming this is correct but wanted to mention we are working on changes to make this process easier. Appreciate the feedback!
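
An added example, not part of the original thread: one way to enter every domain without typing all 15 by hand, using Exchange Online PowerShell to copy the tenant's accepted domains into both the EOP rule and the Defender for Office 365 rule, since the two scopes are independent. It assumes an existing `Connect-ExchangeOnline` session, a Defender for Office 365 licence, and that the Standard preset policy has already been turned on once so that both rules exist.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is loaded and
# Connect-ExchangeOnline has already been run with sufficient rights.
# Assumption: the preset policy was enabled once in the portal, so its
# EOP rule and its Defender for Office 365 rule both exist.

$ruleName = 'Standard Preset Security Policy'   # or 'Strict Preset Security Policy'

# Collect every accepted domain in the tenant as plain strings.
$domains = @(Get-AcceptedDomain | ForEach-Object { [string]$_.DomainName })
if ($domains.Count -eq 0) {
    throw 'No accepted domains returned; check the Exchange Online session.'
}

# The scopes are independent: set the recipient domains on BOTH rules.
# Note: this replaces any existing RecipientDomainIs value on each rule;
# user and group conditions already on the rule are left as they are.
Set-EOPProtectionPolicyRule -Identity $ruleName -RecipientDomainIs $domains
Set-ATPProtectionPolicyRule -Identity $ruleName -RecipientDomainIs $domains

# Verify: list any accepted domain that is missing from either rule.
$rules = [ordered]@{
    'EOP'      = Get-EOPProtectionPolicyRule -Identity $ruleName
    'Defender' = Get-ATPProtectionPolicyRule -Identity $ruleName
}

foreach ($scope in $rules.Keys) {
    $covered = @($rules[$scope].RecipientDomainIs | ForEach-Object { [string]$_ })
    $missing = @($domains | Where-Object { $covered -notcontains $_ })

    [pscustomobject]@{
        Scope          = $scope
        RuleState      = $rules[$scope].State
        DomainsCovered = $covered.Count
        MissingDomains = ($missing -join ', ')
    }
}
```

Re-run the script after adding a new accepted domain to the tenant, because the rules hold a static list and do not pick up new domains on their own.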
