News

Simpler Policy Options Coming This Summer to Microsoft Defender for Office 365

• By Kurt Mackie
• 05/17/2022

Organizations using Microsoft Defender for Office 365 will be getting enhancements to preset security policy options, starting this summer, according to a Tuesday Microsoft announcement.

The policy options for Microsoft Defender for Office 365 are rather complex. The changes coming this summer, though, are designed to make it easier for IT pros to use Microsoft's recommended settings.

Levels of Protection
The protections enabled by Microsoft Defender for Office 365 depends on the licensing that was selected. Greater protections are afforded by the Microsoft Defender for Office 365 P1 and P2 plans, for instance, which add investigation and response capabilities.

Organizations get Exchange Online Protection (EOP) as a core security offering with Microsoft Defender for Office 365 subscriptions, according to Microsoft's "Overview" document. EOP blocks "broad, volume-based, known attacks."

Organizations subscribing to the P1 plan, though, additionally get protections from "zero-day malware, phish, and business email compromise." There's also a P2 plan that "adds post-breach investigation, hunting and response, as well as automation, and simulation (for training)."

IT pros can set policies using Microsoft Defender for Office 365 that will take effect according to the following hierarchy (from highest priority to lowest priority), per this Microsoft document on "Preset Security Policies":

1. Strict protection preset security policy
2. Standard protection preset security policy
3. Custom security policies
4. Built-in protection preset security policy and default security policies

Microsoft's document described the preset security policies as a way of applying all of Microsoft's recommended policies to Office 365 users, and stressed that the preset security policies can't be modified:

Preset security policies use the corresponding policies from the various protection features in EOP and Microsoft Defender for Office 365. These policies are created after you assign the Standard protection or Strict protection preset security policies to users. You can't modify the settings in these policies.

Coming Policy Enhancements
That said, Microsoft's news this week is that it'll soon be possible for IT pros to apply Standard and Strict security polices "to all users of the entire organization." Apparently, that ability wasn't available previously, and IT pros had to apply Strict and Standard to individual users covered under EOP and P1 or P2 plans. There's an option to exclude some users from the overall Standard and Strict protections, but Microsoft doesn't recommend that approach.

Also, organizations will be getting the ability to apply Standard and Strict to customized lists of targeted users to protect against impersonation attacks. Microsoft is removing some confusion from this process, stating that "you'll no longer need to disable preset security policies and create custom anti-phishing policies when all you want is Microsoft's recommended settings and impersonation protection."

IT pros can also "white list" the individual e-mail senders that should be excluded from impersonation checks, if wanted. However, impersonation protection settings can't be wholly turned off, the announcement indicated. Moreover, IT pros "still can't modify the action that's taken on messages detected as impersonation."

Microsoft is planning a gradual rollout of these Standard and Strict improvements for Microsoft Defender for Office 365, plus the easier creation of lists to block impersonation attacks. The rollout will start "between June and August 2022." IT pros will be kept apprised of the coming changes via Microsoft Message Center posts.