Email Security
Microsoft 365 email security is managed through Microsoft Defender for Office 365 (formerly Exchange Online Protection + ATP). All policies are configured in the Microsoft Defender portal (security.microsoft.com).
Checklist
- SPF record published and valid
- DKIM enabled and signing for your domain(s)
- DMARC record published (start with `p=none`, move to `p=quarantine`/`p=reject`)
- MTA-STS policy file hosted and DNS record published (start with `mode: testing`)
- Anti-spam inbound policy configured (strict preset or custom)
- Anti-phishing policy configured with impersonation protection
- Anti-malware policy configured with common attachment filter
- Safe Links policy enabled
- Safe Attachments policy enabled
- Outbound spam policy configured with notifications
- Connection filter configured (optional allow/block IPs)
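
The SPF, DMARC and MTA-STS items above can be verified from the published records themselves. The following Python is an added example, not code from this page or from Microsoft: it classifies each record's rollout stage so a domain still at `p=none` or `mode: testing` is easy to spot. The function names are hypothetical, and the sample records are constructed for the placeholder domain example.com.

```python
# Added example (hypothetical function names, constructed sample records).
def parse_tags(text, sep, kv):
    """Return ordered (key, value) pairs from 'k=v; k=v' or 'k: v' lines."""
    pairs = []
    for part in text.split(sep):
        if kv in part:
            key, value = part.split(kv, 1)
            pairs.append((key.strip().lower(), value.strip()))
    return pairs

def check_spf(txt):
    terms = txt.lower().split()
    if not terms or terms[0] != "v=spf1":
        return "invalid"
    # The first "all" decides how unlisted senders are treated; redirect= is not followed.
    alls = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not alls:
        return "no-all"
    return {"-": "hardfail", "~": "softfail"}.get(alls[0][0], "permissive")

def check_dmarc(txt):
    pairs = parse_tags(txt, ";", "=")
    if not pairs or pairs[0] != ("v", "DMARC1"):  # v= must be the first tag
        return "invalid"
    policy = dict(pairs).get("p", "").lower()
    stages = {"none": "monitoring", "quarantine": "enforcing", "reject": "enforcing"}
    return stages.get(policy, "invalid")

def check_mta_sts(policy_text):
    fields = dict(parse_tags(policy_text.replace("\r\n", "\n"), "\n", ":"))
    mode = fields.get("mode", "")
    valid = (fields.get("version") == "STSv1"
             and mode in ("none", "testing", "enforce")
             and fields.get("max_age", "").isdigit()
             and (mode == "none" or "mx" in fields))  # testing/enforce need mx
    return mode if valid else "invalid"

SAMPLE = {  # constructed records for the placeholder domain example.com
    "spf": "v=spf1 include:spf.protection.outlook.com -all",
    "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "mta_sts": "version: STSv1\nmode: testing\n"
               "mx: *.mail.protection.outlook.com\nmax_age: 604800\n",
}

def audit(records):
    checks = {"spf": check_spf, "dmarc": check_dmarc, "mta_sts": check_mta_sts}
    return {name: check(records[name]) for name, check in checks.items()}

print(audit(SAMPLE))
```

A result of `monitoring` for DMARC or `testing` for MTA-STS means the record is published but not yet at the enforcing stage the checklist moves toward.
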
Portal Location
All email security policies: Microsoft Defender portal → Email & collaboration → Policies & rules → Threat policies
Preset Security Policies vs Custom
Microsoft offers Standard and Strict preset security policies that auto-configure all Defender for Office 365 policies with Microsoft's recommended settings.
| Approach | Best for | Notes |
|---|---|---|
| Strict preset | Most tenants | Quickest to deploy, auto-updates as Microsoft updates recommendations |
| Standard preset | Tenants needing some exceptions | Less aggressive than Strict |
| Custom policies | Complex requirements | Full control, but requires ongoing maintenance |
Recommendation: Apply the Strict preset to all users, then create custom exceptions only where needed (e.g., mail flow rules for specific senders).