Microsoft 365 Email Security Recommendations

Nov 15, 2024

Microsoft Recommendations for EOP and Defender for Office 365 Security Settings

Overview

  • Exchange Online Protection (EOP): Core security for Microsoft 365 to prevent malicious emails.
  • Microsoft Defender for Office 365: Provides additional security features.
  • Two recommended security levels: Standard and Strict.
  • Default settings are described, with recommendations for Standard and Strict settings.

Key Components

Anti-Malware Policy Settings

  • Enable common attachments filter: On by default.
  • Zero-hour auto purge for malware: Selected.
  • Quarantine Policy: AdminOnlyAccessPolicy.
  • Admin Notifications: Not specifically recommended.
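
The three values listed above can be checked per policy with a short audit function. This is an added example, not code from the original page or from Microsoft. It assumes the EnableFileFilter, ZapEnabled and QuarantineTag properties returned by Get-MalwareFilterPolicy in Exchange Online PowerShell; the function name Test-MalwarePolicyBaseline and the sample policies are constructed for illustration.

```powershell
# Baseline taken from the Anti-Malware Policy Settings list above.
$Baseline = [ordered]@{
    EnableFileFilter = $true                    # common attachments filter: On
    ZapEnabled       = $true                    # zero-hour auto purge for malware: Selected
    QuarantineTag    = 'AdminOnlyAccessPolicy'  # quarantine policy
}

# Hypothetical helper: emits one row per policy and setting, flagging drift.
function Test-MalwarePolicyBaseline {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Policy
    )
    process {
        foreach ($name in $Baseline.Keys) {
            # A property that is absent from the object counts as non-compliant.
            $prop   = $Policy.PSObject.Properties[$name]
            $actual = if ($prop) { $prop.Value } else { $null }
            [pscustomobject]@{
                Policy    = $Policy.Name
                Setting   = $name
                Expected  = $Baseline[$name]
                Actual    = $actual
                Compliant = ($null -ne $prop) -and ($actual -eq $Baseline[$name])
            }
        }
    }
}

# Constructed sample objects standing in for Get-MalwareFilterPolicy output.
$sample = @(
    [pscustomobject]@{ Name = 'Default'; EnableFileFilter = $true
                       ZapEnabled = $true; QuarantineTag = 'AdminOnlyAccessPolicy' }
    [pscustomobject]@{ Name = 'Legacy-Exec'; EnableFileFilter = $false
                       ZapEnabled = $true; QuarantineTag = 'DefaultFullAccessPolicy' }
)

# Show only the settings that drift from the baseline.
$sample | Test-MalwarePolicyBaseline |
    Where-Object { -not $_.Compliant } |
    Format-Table -AutoSize

# Against a tenant, after Connect-ExchangeOnline:
# Get-MalwareFilterPolicy | Test-MalwarePolicyBaseline | Where-Object { -not $_.Compliant }
```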

Anti-Spam Policy Settings

  • Bulk email threshold: Adjusted for stricter settings.
  • Spam actions: Includes quarantining and junk folder actions.
  • Quarantine retention: 30 days for stricter policies.
  • Advanced Spam Filter (ASF) settings available.

ASF Settings in Anti-Spam Policies

  • Various settings for adjusting spam score and detection.
  • Test mode available for certain ASF actions.

EOP Outbound Spam Policy Settings

  • Outbound spam policies have recommended values for Standard and Strict.
  • Restrictions and notifications for blocked users.

Anti-Phishing Policy Settings

  • Spoof intelligence and actions based on DMARC policy.
  • Various quarantine policies for spoof detections.

Microsoft Defender for Office 365

  • Offers enhanced security features beyond EOP.
  • Anti-phishing settings include user and domain impersonation protections.

Safe Attachments Settings

  • Global settings configured by built-in protection policy.
  • Safe Attachments policy settings do not have a default but can be customized.

Safe Links Policy Settings

  • Protects against known malicious links in emails and Office apps.
  • URL rewriting and real-time scanning enabled.

Additional Resources

  • Best practices for Exchange mail flow rules.
  • Submissions for false positives/negatives to Microsoft.

Notes

  • Standard and Strict settings aim to prevent unwanted emails effectively.
  • Customization is possible depending on specific organizational needs.
  • Tools like ASF and Safe Links offer nuanced control over email security.