Forum Discussion
About Microsoft 365 Defender Policies & Rules
Hi Everyone,
There are a few issues with Microsoft 365 defender.
What policies and rules should I add to or add to other than Microsoft's default policies and rules?
Suggestions about the following policies & rules for example
1- Threat policies
2- Alert policies
3- Activity alerts
My other question is at what degree should I keep the Phishing threshold in microsoft 365 defender. Standard Or Aggressive What are the differences between the two.
Thanks for your answers.
- Hi Software_C,
First question - It really depends on what you are trying to protect against. If you need more than Microsoft's defaults to address a risk scenario, yes, you have to add policies and rules to address them. Do you have a specific concern that is not addressed by an MS default? If not, follow the security principle of "keep it simple" and use what Microsoft has provided.
Second question - The differences between standard and strict values can be seen here.
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide
Microsoft's suggested use cases are:
Standard protection: A baseline protection profile that's suitable for most users.
Strict protection: A more aggressive protection profile for selected users (high value targets or priority users).
Thanks, Ash
