Does Microsoft Defender for Office 365 give you a way to apply threat policies that it would then maintain?
Did you know that when a best practice for a security control changes due to the evolving threat landscape, or as new controls are added, Microsoft automatically updates security control settings for users assigned to a Standard or Strict preset security policy?
By using preset security policies (Standard or Strict), you'll always have Microsoft's recommended best-practice configuration for your users.
Use the steps below to apply preset security policies and have Microsoft Defender for Office 365 manage and maintain security controls for you.
What you will need
- Microsoft Defender for Office 365 Plan 1 or higher (Included in E5)
- Sufficient permissions (Security Administrator role)
- 5 minutes to perform the steps below.
Choose between Standard and Strict policies
Our Strict preset security policy has more aggressive limits and settings for security controls that result in more aggressive detections and involve the admin in making decisions on which blocked emails are released to end users.
Collect the list of your users that require more aggressive detections even if it means more good mail gets flagged as suspicious. These are typically your executive staff, executive support staff, and historically highly targeted users.
Ensure that the selected users have admin coverage to review and release emails if the end user thinks that the mail might be good and requests that the message be released to them.
If the criteria above are met, then the user should be placed in the Strict preset security policy. Otherwise the user should be placed in the Standard preset security policy.
Tip
For information on what Standard and Strict security policies are, see this article.
Enable Security Presets in Microsoft Defender for Office 365
Once you've chosen between the Standard and Strict security preset policies for your users, it takes a few further steps to assign users to each preset.
1. Identify the users, groups, or domains you would like to include in Standard and Strict security presets.
2. Log in to the Microsoft Security portal at https://security.microsoft.com.
3. On the left nav, under Email & collaboration, select Policies & rules.
4. Select Threat policies.
5. Select Preset Security Policies underneath the Templated policies heading.
6. Select Manage underneath the Standard protection preset.
7. Select All Recipients to apply default email protections for all cloud mailboxes in the organization, or select Specific recipients to manually add users, groups, or domains you want to apply the preset security policy to. Click the Next button.
8. Select All Recipients to apply Defender for Office 365 Protection for all cloud mailboxes in the organization, or select Specific recipients to manually add users, groups, or domains you want to apply the preset security policy to. Click the Next button.
9. On the Impersonation Protection section, add email addresses & domains to protect from impersonation attacks, then add any trusted senders and domains you don't want the impersonation protection to apply to, then press Next.
10. Click on the Confirm button.
11. Select the Manage protection settings link in the Strict protection preset.
12. Repeat steps 7-10 again, but for these users strict protection should be applied.
13. Click on the Confirm button.
Tip
To learn more about preset security policies see this article.
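To confirm the portal steps above took effect, the following read-only check lists the state and recipient scope of both presets. It is an added example, not part of the original article; it assumes the ExchangeOnlineManagement module is installed, an account that can read threat policies, and the rule names "Standard Preset Security Policy" and "Strict Preset Security Policy" used in Exchange Online PowerShell.

```powershell
# Added example: read-only check of the preset security policy rules.
# Assumes the ExchangeOnlineManagement module and an account allowed to read threat policies.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$presets = 'Standard Preset Security Policy', 'Strict Preset Security Policy'
# Each preset is backed by one rule per protection layer (steps 7 and 8 above).
$readers = [ordered]@{
    'EOP (default email protections)' = 'Get-EOPProtectionPolicyRule'
    'Defender for Office 365'         = 'Get-ATPProtectionPolicyRule'
}

$report = foreach ($preset in $presets) {
    foreach ($layer in $readers.Keys) {
        # A preset that was never turned on has no rule object, so "not found" is a result, not an error.
        $rule = & $readers[$layer] -Identity $preset -ErrorAction SilentlyContinue
        if (-not $rule) {
            [pscustomobject]@{ Preset = $preset; Layer = $layer; State = 'NotConfigured'; Scope = '' }
            continue
        }
        # Collect whichever recipient conditions are set on the rule.
        $conditions = @(
            if ($rule.SentTo)            { "users: $($rule.SentTo -join ', ')" }
            if ($rule.SentToMemberOf)    { "groups: $($rule.SentToMemberOf -join ', ')" }
            if ($rule.RecipientDomainIs) { "domains: $($rule.RecipientDomainIs -join ', ')" }
        )
        [pscustomobject]@{
            Preset = $preset
            Layer  = $layer
            State  = $rule.State
            # Assumption: a rule with no recipient conditions is read here as "All recipients".
            Scope  = if ($conditions) { $conditions -join '; ' } else { 'All recipients' }
        }
    }
}

$report | Format-Table -AutoSize -Wrap

# Flag any layer that is missing or disabled so it can be fixed in the portal.
$gaps = $report | Where-Object { $_.State -ne 'Enabled' }
if ($gaps) { Write-Warning "$(@($gaps).Count) preset rule(s) are missing or disabled." }

Disconnect-ExchangeOnline -Confirm:$false
```

The script changes nothing in the tenant. Compare the Scope column for the Strict preset against the list of users collected when choosing between Standard and Strict.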
Your next step is Config Analyzer
Use config analyzer to determine if your users are configured per Microsoft's best practices.
Tip
Configuration analyzer allows admins to find and fix threat policies where the settings are below the Standard or Strict protection profile settings in preset security policies. Find out more about Configuration analyzer in this article.
We always recommend preset security policies because they ensure admins are exercising Microsoft best practices. However, customized configurations are required in some cases. Learn about the reasons to use custom threat policies in this article.