Microsoft Defender for Office 365 - Preset Security Policy

Microsoft Defender for Microsoft 365 ships with a set of default security controls that can be applied right out of the box. These security controls – known as the Microsoft Defender preset security policy – are especially useful for SMBs (small and medium businesses) that lack the budget to hire the security expertise needed to configure organization-specific security policies.

The Microsoft Defender preset security policy is split into three categories:

  • Built-in protection – These security settings apply by default. They are turned on when you buy the Microsoft Defender for Office license. They offer effective protection against malicious links, attachments, ransomware, and malware of different kinds.
  • Standard protection – These security settings adopt a balanced approach against cybersecurity threats. This means your organization avoids a blanket-ban approach toward the outside world, which may result in unnecessary false positives.
  • Strict protection – These security settings adopt an aggressive approach against cybersecurity threats. Suitable for organizations and high-level executive groups that need tight security. However, adopting these security settings might result in a lot of unnecessary false positives.

Note: Both standard and strict protection policies are not turned on by default. They work on top of the built-in protection. They are responsible for dealing with advanced security threats. You can also have both Standard protection and Strict protection turned on for your tenant as these security settings can be applied on a user, group, or domain basis.

How to access the Microsoft Defender Preset Security Policy?

You can access the Microsoft Defender Preset Security Policy in the following two ways:

  • By visiting the https://security.microsoft.com page and selecting Policies & rules >> Threat Policies >> Preset Security Policies from the Email & collaboration dropdown, as shown in Figure 1, or
  • By directly visiting the Microsoft Preset Security Policy page at https://security.microsoft.com/presetSecurityPolicies.

Figure 1: Accessing Preset Security Policies within Microsoft Defender portal

Note: You can access the Microsoft 365 Security Center [or Microsoft Defender portal] only if you have been assigned the Global Administrator or Security Administrator role.

Both links will lead you to the Microsoft Preset Security Policy page shown in Figure 2.

Figure 2: Various Preset Security policies being displayed
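
The state shown on the Preset Security Policies page can also be read from Exchange Online PowerShell. The script below is an added example, not part of the original article: it is read-only, reports whether the Standard and Strict presets have been turned on and which users, groups, or domains they target, and then lists the built-in protection rule with its exceptions. It assumes the ExchangeOnlineManagement module is installed and that you sign in with an account holding one of the administrator roles named in the note above.

```powershell
# Added example (not from the original article): read-only report of preset
# security policy state and scope. Assumes the ExchangeOnlineManagement module
# is installed and the signed-in account can read threat policies.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$presets = 'Standard Preset Security Policy', 'Strict Preset Security Policy'

# Each preset is backed by two rules: one for the EOP protections and one for
# the Defender for Office 365 protections. Fetch all rules once and filter by
# name so that a preset that was never turned on does not raise an error.
$ruleSets = [ordered]@{
    'EOP'      = @(Get-EOPProtectionPolicyRule)
    'Defender' = @(Get-ATPProtectionPolicyRule)
}

$report = foreach ($name in $presets) {
    foreach ($kind in $ruleSets.Keys) {
        $rule = $ruleSets[$kind] | Where-Object { $_.Name -eq $name }
        [pscustomobject]@{
            Preset  = $name
            Rule    = $kind
            # No rule object means the preset has never been turned on.
            State   = if ($rule) { $rule.State } else { 'Never turned on' }
            Users   = $rule.SentTo -join ', '
            Groups  = $rule.SentToMemberOf -join ', '
            Domains = $rule.RecipientDomainIs -join ', '
        }
    }
}
$report | Format-Table -AutoSize -Wrap

# Built-in protection applies by default, so the useful thing to review here
# is the list of recipients that have been excluded from it.
Get-ATPBuiltInProtectionRule |
    Format-List Name, State, ExceptIfSentTo, ExceptIfSentToMemberOf, ExceptIfRecipientDomainIs

Disconnect-ExchangeOnline -Confirm:$false
```

On a tenant where neither preset has been enabled, all four rows report "Never turned on", which matches the note that Standard and Strict protection are not on by default.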

Built-in Protection Offers Baseline Protection

The built-in protection of the preset security policy is potent enough to safeguard organizations against various cyber-security threats. However, on its own, it may not be able to keep up with the speed at which the cyber-threat landscape evolves. For this, you will need a more tailored approach, which is offered only by the standard or strict protection settings.

However, if baseline security is what you are after, then built-in protection will do. With this, you get a low-impact version of the safe attachments and safe links policies. You also get baseline protection against malicious emails and malware. But bear in mind that built-in protection working with standard/strict protection is always more powerful than built-in protection working on its own.

Testing Built-in Protection Setting

The easiest way to test whether the built-in protection setting is working is to test the safe attachments and safe links policies.

  • Testing Safe Attachments Policy: Try sending a mail with a .js (or JavaScript) file as an attachment. Since JavaScript is a scripting language, any .js file is considered dangerous by Microsoft Defender and the recipient of the mail won’t be able to open the attachment as shown in Figure 3.
    Figure 3: Testing Safe Attachments Policy offered by Built-in Protection
  • Testing Safe Links Policy: Try sending a suspicious link – like a link to a porn website – through mail as shown in Figure 4. The recipient of the mail will not be able to open the link, as Microsoft Defender deems the link suspicious and blocks it from being opened.
    Figure 4: Testing Safe Links Policy offered by Built-in Protection

What's Next?

Now that you know your Microsoft 365 tenant is secure – thanks to Microsoft Defender’s built-in protection – in the next article, let’s understand how you can further harden your tenant’s security by turning on the preset standard and strict protection policies.

How to use this guide?

It is best to read the articles in the order they are written. And since Microsoft 365 security is a vast topic, remember to watch this corner for new articles every week.