Ugly Defender awareness training screen
I want to use the extensive training material available from the E5 licenses we just shelled out a boat load of $$ for. However, when someone gets an invite and they click the link to do the training they are taken to the Defender page. This might be fine for a technical person but its ugly as F for my users. Plus, there is extra rubbish like Threat Intelligence, Trials, Reports, settings etc they can access that I don't want them too. This is not a very polished interface for non-technical people. Is there a way to fix this? Can it send them the direct training URL, so it just opens the training and not the defender page from them to open the video? Can we do a custom landing page but put the assigned training URLs into that? This is ugly there has to be a way to make this more user friendly.How to Check if Shared Mailboxes Need MDO Licenses
Shared mailboxes might need Microsoft Defender for Office 365 licenses, but how do you identify how many licenses? We use PowerShell to do the job by analyzing external email sent to shared mailboxes. If a mailbox receives external email, then by definition the mailbox receives benefit from MDO, and that’s the test for requiring a license. https://office365itpros.com/2025/11/25/microsoft-defender-for-office-365-3/
Microsoft Issues Updated Guidance for Defender for Office 365 Licensing
Some inconsistencies in the MDO P2 service description and licensing terms exposed a need for tenants to license every user and shared mailboxes. Microsoft has changed the service description and licensing terms to make them simpler. Mailboxes still need MDO licenses, but only if they benefit from MDO protection, including MDO P2 if that’s what they use. Tenant admins have some extra work to do to deploy policies. All explained here. https://office365itpros.com/2025/10/31/mdo-p2-licensing/
Compliance licenses at tenant level
Hi, We are a small organization of about 200 employees, and we have following requirements. DLP policies configuration at Exchange, OneDrive, SharePoint BYOD security Users should not be able to send files outside the org And so on as we evaluate We already have M365 Business Premium. However, after researching we figured out that M365 Business premium will alone not solve our requirements. May be compliance license will. We want to apply security policies at tenant level in our organization but definitely do not want every user to get licenses as this will be expensive for us and there is no requirement at all for our users. The question is, Is there a way to solve the above scenario?
Security Admin Center Tenant Allow/Block List Not Able to Block IPv4?
While using the Security Admin Center Tenant Allow/Block List we have been able to block specific email addresses and IPv6 IP addresses but are unable to block IPv4 IP addresses. We have tried both using the console and the CLI but have turned up unsuccessful both times when it comes to IPv4. A large majority of the phishing attempts that we encounter come from IPv4 addresses but we have been unable to block any of these. Will there ever be functionality for IPv4 within the Tenant Allow/Block list or is the only option to use conditional access policies? Also why is this enterprise tool only functional with IPv6 and without documentation stating that it does not work for IPv4?Poor reporting capability
I'm finding the flexibility of exchange online protection and reporting in general to be terrible. I'm trying to get a report of cases where people have clicked a link that was later determined to be malicious. Including links, we have manually determined to be malicious and later zapped those emails. I have kind of done this in threat hunting however I need to run a query that starts older than the 30 days in threat hunting. Of course I don't have these going into sentinel or anything, so the data is gone. Someone suggested reports but I can see how or if there even is a way to report clicks on malicious links (based on them being later determined to be malicious and zapped). Any suggestions?Extract user access to Cloud Apps categories.
I’m having some issues with getting report data out of Defender for Cloud App. Short version is I want to get a report (or at the very least an export) of all users accessing sites in the Generative AI category. I can do this manually by following these steps: Open Cloud Discovery Click Discovered apps Enter Gnerative AI in the browser by category I now get a list of discovered sites but to get a list of users who have accessed them I have to: Click each app one at a time In each click Cloud app usage Click Users And finally export all users Imagine how long with would take for a category that has a high amount of usage and how inefficient this would be to provide monthly reporting. I tried to find a way to see in one step user activity for one Cloud App category, but I cannot. Any idea?Cloud app conditional access exceptions
I have a lot of issues with attackers coming from VPN and anonymous IP's. Im trialing a Conditional Access policy to apply Conditional Access App Control. Ive created a Cloud App, Access Policy to blocks using IP address, Category, equals and listing a few categories like VPN and Risky. Then another Access policy to block IP address, Tag, equals Tor, Anonymous, Random, Botnet etc. Testing shows this works. But I've been asked what if we wanted to allow a specific service like NordVPN. How can I achieve this?
Unable to whitelist quarantined emails
We have an email that is being constantly quarantined from a webform. The email comes from the email of the web form server, but is spoofing an internal address in our tenant by design. The email keeps getting blocked, and nothing we've tried as far as transport rules, whitelist additions, etc has been able to discernably affect this. There is a option to create a tenant allow list entry but the maximum duration is 45 days. We need a way to reliably whitelist an email indefinitely.
