Learn How to Configure Defender for Office 365 for Maximum Security

Video Statistics and Information

Captions
Defender for Office 365 is a robust email security solution, but how do you configure it well? That's the topic for today's video. But before we start, a quick introduction as always: my name is Jonathan Edwards, I'm a business IT consultant from Yorkshire in the UK. We help clients with their IT support, their Microsoft 365 and their cyber security. So please do me a quick favor: if you get any value from this video, please subscribe to my channel. Thank you. [Music]

Now, if you are a regular viewer of my YouTube channel, you will have seen recently that I've created quite a few videos on Microsoft 365 and in particular Defender for Office 365. But in none of those videos have I shown you how to configure it, but that is exactly what we're going to do today. In a moment I'm going to hop onto that computer behind me and you can watch over my shoulder how to configure Defender for Office 365. Now, this video is a bit longer than usual, but hopefully it's packed full of value.

But before we get into all that, let's have a quick recap on Microsoft 365 email security. So with any Microsoft 365 mailbox that you get, you get some level of security. Now, this is called Exchange Online Protection: you get anti-spam, anti-phishing and anti-malware. But Microsoft do have a more advanced product; in fact, they've got two more advanced products. The product itself is called Defender for Office 365 and it comes in two flavors, Plan 1 and Plan 2. Now, fortunately for small businesses, and when I talk about small businesses I mean companies with fewer than 300 employees, Defender for Office 365 Plan 1 is included with Microsoft 365 Business Premium. Win-win.

So what advanced features do you get in Defender for Office 365 that you don't get in Exchange Online Protection? Well, you get more aggressive phishing protection. You get impersonation protection, which protects your company against cyber criminals trying to pretend to be someone else not in our team. You get something called Safe Attachments, which protects your
email, your Microsoft Teams and your SharePoint against dodgy attachments. And you get another feature called Safe Links, which is a bit like Safe Attachments, but it protects your company against dodgy links. So if a cyber criminal sent you a phishing link and they wanted you to click on it, hopefully Safe Links would kick in and tell you it's a bit naughty. But without further ado, let's jump on the computer behind me and let's configure Defender for Office 365. Now, today's video we're going to be focusing on Defender for Office 365 Plan 1.

So let me show you how to configure Defender for Office 365. The first thing you need to do is log into the 365 portal which has admin access, and you'll know that because you can see the Admin tab here. So we'll click on Admin and we'll go into the 365 admin portal. From here we want to go into the security portal itself, so it's the security admin center. So click on Show all and you can see the admin centers down here. We want to go into the security admin center.

Now you can see we've got lots of options down this side here. So we've got Endpoints, which is the Defender for Endpoint, but then we've got the Email and collaboration, which is where we administer the Defender for Office 365. So we want to go into Policies and rules and then we want to go into Threat policies. So you can see now we've got a lot of options. We're going to start talking about the preset security policy in a moment, but just focus your attention for a moment on the policies section here. So the anti-phishing, the anti-spam and the anti-malware, they're all included with the Exchange Online Protection, so that's what you get with every Microsoft 365 mailbox. We've also got some Safe Attachments and some Safe Links. Now, these are premium features of Defender for Office 365.
If I just compare this admin portal to one of our customers' admin portals who doesn't have Defender for Office 365 licensing, you can see it says next to these features "Premium". So if you see anything like this, it means you've not got the correct licensing for Defender for Office 365. So we'll minimize that and go back to our main portal.

So within Defender for Office 365 there are two ways that you can configure your policies: there's a really easy way and there's a slightly harder way. So let's first start talking about the really easy one, and that is by using the preset security policies. So you've got standard protection and you've got strict protection, and they are both really as the name implies: you get a standard level of protection and you can get a strict level of protection. Now, what you can do, you can add all the company into standard protection, or you can be a bit more granular. So you might decide to add most of the company into standard protection, but then you might add the finance department into strict protection because there's more protection over their emails. Now, it's important to get the balance right, because with strict protection more emails will be trapped in the filter, more will get caught, and there might be a few false positives.

Now, you might be wondering what settings am I turning on here. So I turn on strict protection and I add all the company to that; what do the settings look like? Well, fortunately Microsoft do publish them, so it's on this web page here and it's under their recommended settings. So you can scroll down and you can see here, so Exchange Online Protection anti-spam policy settings. These are all the settings, and these are the settings that come with each of the standard and the strict policies. So you, if you're interested, can look through all these and you can decide if all these settings match your company needs. So if these settings do match your company needs, or you just want to get some protection on as quickly as possible, you can go
back here and you can start switching these on. So we switch standard protection on and then we click on Manage protection settings. So the first option it's going to give us is the Exchange Online Protection, so that obviously includes the anti-spam, the anti-malware, the anti-spoofing. Who do you want to apply this standard protection policy to? Simply, we can choose it as all recipients, we can choose some recipients, or we can choose all recipients but exclude some users, some groups or some domains. Once we're happy with that we can simply click on Next.

And then we're getting into the Defender for Office 365 section, so this is the advanced protection that the Defender for Office 365 gives you. So who we're choosing here? Well, to make it easy we can just click on Previously selected recipients, which would choose the same recipients that we selected in Exchange Online Protection, or we can configure it slightly differently. We then click on Next.

And then we're getting to the impersonation protection. So impersonation is when a cyber criminal pretends to be someone else: they might pretend to be your financial director and they'll send you an email asking you to pay, so they're impersonating someone else. So we can click on Next here, and it says here "add people such as top level executives and board members", so it's key people within the business. So I would simply add Boris Johnson in here: type in Boris, and I want Boris to be protected by impersonation. But with your organization you can go through and add all the senior management and people who are more likely to be impersonated by cyber criminals.

And then we move on to protected custom domains. As it says here, these domains could be ours or could belong to key suppliers who we have a lot of email correspondence with. And again, sit down with your team and work out which key suppliers and partners you use, and add your own domain into here as well, that's important. Click on that and we can add that in. OK, click on Next, and then if
we've got any trusted sender. So again, who do we correspond with all the time? We don't want to switch this on and people who we have regular email contact with just can't email as it keeps getting stuck in spam; that's just going to cause a lot of frustration. So work out which senders you send and receive to on a regular basis, and then we can click on Next, and then we can simply switch it on.

So we might just leave it there, we might say, well, everybody in the business is going to have standard protection. Or we can say most people in the business are having standard protection, but we want these certain individuals to have strict protection. So we go on to strict protection. It's a similar kind of layout. So who are we applying this to? Well, I'm going to apply this to Boris. OK, now you might have noticed that I've added Boris as well into the standard protection, so what's going to happen because we're adding them into two different groups? Well, strict protection will take precedence. So if you add a user into strict and standard, it's the strict one which will take precedence. OK, so whatever settings I set for Boris in strict will be the settings that I use for Boris.

And as you can see, it's exactly the same layout; we go through it as we need to go through it. The only difference is it's the settings, so the strict and the standard are just slightly different in places. So strict is five, standard is six; you can work out which ones suit your business. So back to here, we click on Next and we'd go through it all, and then we would switch that policy on and click on Done. So that's the easy way to do it: you know you've got standard protection on and you've got strict protection on.

Now, there's a bit of a problem for me with the security policies, these preset ones: they're not very granular. So there might be some of these settings that I don't agree with. So I might look at the EOP anti-spam and I might think, well, that's OK, that's OK, but I don't like that and I don't like that, and
unfortunately you can't change individual settings; they're just preset policies that are made by Microsoft. So what we do for our customers is we create these policies individually, and it's not that hard to do. So let's have a look and let me show you how to do that. So firstly let's go here and I'm just going to switch these off.

So let's take a look how to create our own policies. The first thing we'll do is we'll go back to Policies and rules. Now, we're going to start with the anti-phishing policy, but before we do that we're just going to configure the quarantine policies, and all will become clear. So the quarantine policies are the type of access that our end users have over their quarantine, so what can they do when things are stuck. So the first thing we're going to do, and as I said, all will become clear throughout this video, so we'll call this the JE Tech, uh, quarantine policy, OK, and we'll click on Next.

So we've got two options here: we've got Limited access and we've got Set specific access. Let me show you the difference between the two. So if we go on to here it will become clear. So "Select the release action preference": click on the drop-down, we can see two options. So we've got "Allow recipients to request a message to be released from quarantine" or "Allow the recipients to release a message". So they're very different, these. If something gets caught in the quarantine, with the top option recipients can request that the IT department take a look at it and release it; with the second option the user can release it themselves. So it depends again what level of trust you have in your organization.

It's worth pointing out as well, you can have more than one quarantine policy; you can apply different ones to different groups. So if you've got a department who are developers, for example, and they're always getting things trapped in the filter, you might want to set a policy for them so they can release their own, otherwise they're going to get frustrated. That is the only
difference, these settings here, between the limited access and the set specific. So if I choose it as limited, click on Next, click on enable the notification, click on Next, and then it gives you a review here. So what can recipients do with this limited access? Well, they can request to release the message from quarantine, they can block a sender, they can delete the message or they can preview the message, and the notification is enabled. So their notification message will look something like this; they'll receive one of these each day.

If we go back and we configure it using the set specific, we can say, actually, I want people to control their own quarantine, I trust them. That's up to you. So what additional options can you select? Well, they can delete the message out of the quarantine, they can preview it and they can block the sender. OK, click on Next, quarantine's enabled, and you can see the only difference here is that people can actually release the messages from their own quarantine. Click on Submit and that will set the quarantine policy up for us. Click on Done.

Once you've created the policy, you can see there's another tab here called Global settings, and this gives you some more quarantine notification settings that you can add. So you can choose your own subject for your organization, you can choose your own display name, a disclaimer, which language, and you can also use your company logo, which is quite handy, so people might think it's from your business. And how often do you want people to get a notification? And you've got all these options here. We always choose one because we want people to get one every day. We can just simply click on that and save those global settings.

OK, so let's go back to Threat policies. Now we've got our quarantine policy in place, we're going to start configuring these policies here, and we're going to start with the anti-phishing policy. So you can see you've got the strict and standard that are available in the preset, and these are both
switched off, and then there's a default one as well that Microsoft has created, but we're going to create our own. So we'll click Create and we'll call it JE Tech anti-phishing policy. Click on Next. Again, who do we want to add into this policy? We can be quite granular. I just want to add everybody who is using this domain; this is our main domain. If you've got more domains in your business, add them all here. If you want specific groups or users, you get the idea, or if you want to exclude some people from this, you can as well. Click on Next.

The first policy at the moment is the phishing threshold, so which do we set it as? The default one here is Standard; we've then got Aggressive, we've got More aggressive and we've got Most aggressive. So which one is the right answer for you and your business? Well, the answer is I don't really know about your business and I don't know which is going to be right. What we always recommend is that people start with Standard. Much of these policies with Defender for Office 365 is putting them in place and then tweaking them, so you don't want to set this as Aggressive and get lots of things trapped in the policy; you're just going to create frustration for your end users. So we always start at this; if we see people are getting phishing emails then we'll look to tweak the settings.

Now, the impersonation is as we discussed with the preset policies: we can enable certain users. So I'm going to go in here and add Boris Johnson, because he needs protecting from, well, himself. Um, click on that, click on Add, and you can add as many users, well, you can add 350 users into there. Click on Done. And then you can add the domains to protect, so again add your domains into here. So again, this is what we did with the preset policies; we're just, um, having to do this manually because we're creating the policy from scratch.

It's also a good idea here, we've got "Enable mailbox intelligence" and "Enable intelligence for impersonation protection". This is
AI, and I think it is well worth having on; it will probably reduce the number of, um, emails that you're getting stuck in your filters. And also "Enable spoof intelligence": you might be using different systems to send email, you might be using things like MailChimp, for example, that sends email as you, so you can configure all those in the allow/block list, but it's a good idea also to have the spoof intelligence switched on. Click on Next.

And now we're talking about the actions. So if Microsoft 365 captures these messages, what do you want them to do with it? So if a message is detected as user impersonation, we've got a lot of options here: we can redirect it to a different email address, maybe the IT department; we can move the message to the Junk Email folders; we can put it in quarantine; we can deliver the message but maybe add the IT support one in the BCC so they'll get a copy; we can delete it; or we can do nothing. So again, it depends on your organization. A lot of organizations choose to quarantine the message. For us, we're an IT company, we do cyber awareness training, we like to trust people in our business, so what we tend to do is move these messages to the junk folder, but again it's up to you. The same with mailbox intelligence, what do you want it to do? We've got the same options. Um, if the message is spoof, what do you want to do? We've just got a couple of options here. Click on Quarantine that message.

And because we've chosen quarantine message here, so if we choose a quarantine here just to show you, it's then going to ask us what quarantine policy we want to take effect. So if you remember, the previous step we created this JE Tech, so this is where it comes in here. OK, so all those settings we chose, the user can block the sender, release the message, etc., etc. So that is where you would choose that if you didn't want it to go to the junk. So there we'll choose that as well.

There's some tips here, which I switched them all on because I think it's quite handy. Things like, if someone
sends an email and their email address has never sent us an email before, there'll be a warning at the top of the email. These are just all tips, a little bit of cyber awareness training to make sure everybody in your business is aware. These little things can make a big difference. Click on Next and that's it, so we can submit that, and the anti-phishing policy has been created, and we've created it ourselves.

So we're gonna go back to our policies, and the next one we're going to do is the anti-spam. So we've got some policies here: we've got the strict and the standard, which of course is switched off, and then we've got some default ones, we've got inbound and outbound and a connection filter. So we're going to create our own inbound anti-spam policy. We're going to call it JE Tech anti-spam policy and we're going to click on Next. Once again, who do I want protecting? For the purpose of this video we're just going to protect everybody in the domain. I click on Next.

Now, when it comes to the anti-spam settings, I don't change an awful lot from the default ones here, but I do like to have my own policy so we can jump in and change if needed. OK, so we've got lots of settings down here; we won't go through them all, but the first and the most important one is the threshold. So on here the higher number means the more bulk email will be delivered. So if we say seven, we've got one to nine, so you can choose. Again, put it as the default and see what happens in your business.

Again, we can then increase the spam score of emails depending on these factors. If there's some image links, we can say, yeah, we want to make sure that gets caught. Um, if there's links to .biz or .info websites, a lot of things we can configure here. If someone sends an email without anything in it, we can say, well, that's obviously spam. I do tend sensitive words, another thing that you can switch on. SPF hard fail, make sure they get trapped. I do recommend that you probably use the default for the anti-spam inbound and then see how
you get on, monitor it for weeks, months afterwards, and make the changes as you see fit. Once you're happy with that, click on Next.

And then again we've got the same as the previous policy, where we can set our actions: what do we want to happen, uh, all these things here. We can put "spam" in the subject line, we can do lots of different things: delete it, quarantine. For spam, I think you're better putting these in the Junk Email folder. If you're an IT department or an IT person, you don't want, you know, 20 support tickets every day telling you that you've got something stuck in spam and you've got to release it; you've got to allow users to have some control over it. So spam is just spam. High confidence spam, that is what Microsoft is saying "we're pretty sure that this is actually spam", so you might want to do something different with that. Phishing as well, we've said here quarantine; we can select our policy again. And high confidence phishing is phishing that Microsoft is saying "we're pretty certain this is phishing", OK, so you might want to quarantine that one, uh, and choose your policy.

And then you've got some settings here, like how many days do you want to retain spam in quarantine. I would choose 30 for that; the more the merrier, I think. Safety tips, as we discussed before, is a good idea. And this zero-hour auto purge I think is a good feature: if something gets delivered and then Microsoft realize afterwards that actually it's a spam, you can actually pull it out of people's mailboxes. So we can enable that for phishing messages and we can enable it for spam messages too; it's well worth having on. So click on Next.

We've got some allow and block lists here, so we can add senders and domains that we use on a regular basis, and once we're happy with all that we can click on Next and create our policy. OK, that's done; click on Done for that. So we're making good headway: we've got an anti-phishing and an anti-spam policy. So the next thing is the anti-malware policy. Again, we've got these
two policies switched off; we're going to create our own. We'll call it JE Tech anti-malware policy. Click on Next. Again, who do we want to protect? Our users at the moment. Click on Next.

So now we've got these, uh, file attachments. So what file attachments do we want to basically ban from getting sent? These will get caught. We select these here, so all these will be quarantined. We can add file attachments, you can delete file attachments. Again, depending on your organization, you might have developers who receive certain files with certain attachments, so you might want to delete and add certain attachments into here, and you can do that. OK, what happens when someone sends an attachment with one of these, what to do? We can reject it, say to the sender "this has been rejected because we don't like your attachment", or again we can receive it and we can quarantine it.

And then there's this ZAP setting again, which we've seen before: if something gets through, if Microsoft lets it through and then realizes, oh, actually this is malware, it can pull it out. So we'll have that. Quarantine policy, we've seen that before, so we'll choose that one. And then we've got some notifications here, so you can notify an admin. So again, you can send an email to the IT department for internal and external senders, and you can use customized text if you want to do that. OK, I'm not going to do that, but I'll click on Next, and that really is the anti-malware policy. That one's nice and easy, and click on Done.

So the next feature we want to talk about is Safe Attachments. So what are Safe Attachments? Well, Safe Attachments work for attachments that come into email, but they also work with attachments that are in SharePoint, in OneDrive, in Teams. What happens when you receive an attachment? So say if you receive an attachment by email, Microsoft 365 will check that attachment in a secure environment before releasing it on. So as an example, I got an attachment yesterday and when I first opened it I saw this message here, so Microsoft 365
was still checking the attachment. It just lasted about 10-15 seconds, and once it had checked the attachment I was able to open it as normal.

So we want to create a Safe Attachments policy in our 365. So in here you can see again there's the standard and the strict ones; they're both switched off. So I'm going to create our own. I'm going to call it the JE Tech safe attachment policy. Click on Next. You're getting used to this by now, so I'm going to put my domain in and I'm going to click on Next.

Now, as you can see, we've got some various options. Again, it's worth repeating, you can have multiple safe attachment policies that do different things for different people. So the default one is Off, so the safe attachment policy is off. The next one is Monitor, so it will monitor the attachment coming in, it will deliver it as normal and it'll track results; not really sure I see the point in that one. The next one is Block, so what that will do is it will block the messages with detected malware. The next one is Replace, so what it'll do, it'll deliver the email but it will block the attachments, so what's going to happen then is your users are then going to contact you to say "I've had something blocked". And my personal favorite is the Dynamic Delivery, so it'll deliver the message, as I just said, without the attachments. If the user tries to open the attachments they'll see a screen like this, and then after a period of time the attachment will appear if it's deemed to be OK.

Again, quarantine policy, so we'll choose the one that we set earlier. And then we can redirect messages if we want, so we might enable redirect: if an attachment has malware, we can forward it to the IT department or something like that. OK, so I would leave this like this and I'll click on Next, and that's basically it. So we can submit that, and the new safe attachment policy has been created.

Once again we've got some global settings on here, like we've seen earlier, and we can turn on Defender for 365 so it scans attachments in
SharePoint, OneDrive and Microsoft Teams. And then we've also got, uh, some more advanced features that you need an additional license for, so it's the E5 licensing. OK, so we'll just close that there.

The next policy, or should I say the final policy, I want to talk about is Safe Links. So what are Safe Links? So the Safe Links feature, it will scan a URL. So if someone sends you an email and in that email it says "please look at this webpage" and the web page says www.bbc.co.uk, Microsoft will scan that URL to make sure that it's not malicious. So it's a really good extra protection, because we all include links in our email, and of course lots of cyber criminals do that with phishing attacks, so it's worth having on.

So again, we go to create the policy. We'll call this JE Tech safe links policy. We'll click on Next, let's add a domain, and we'll click on Next. And then we've got the settings here. To be honest, I don't usually change anything here either. So we're going to switch the policy on, we're going to apply Safe Links to email messages sent within the organization. I usually just keep this how it is. We've got the Teams and we've got the Office 365 apps, so Safe Links is working on there as well. Something I do change, um, we've got some settings here, so "Track user clicks", "Let users click through to the original URL", so I usually switch that one off. And then we click on Next. We can put a custom notification if you want to do that, but what we're going to do is click on Next, just use the default, and again that's easy enough. So that is our safe links policy, which has been created. Click on Done.

Once again we've got some global settings, so in here we can block certain URLs, so we can go in there and block them. But you can manage a lot of these in, which I'm going to show you next, so go down to Threat policies, Tenant allow/block lists. So as you can see here, we've got a lot of things we can block from here: we can block domains, email addresses, URLs, files, spoofed senders. So this is where you
manage all the allowed and the block lists for your tenant.

OK, so that's us done. We've created some policies here for anti-phishing, anti-spam, malware, Safe Attachments and Safe Links. We've also created a quarantine policy. I hope you can see the power of the system and how it will protect your organization.

There's just one final thing that I want to show you, and that is a configuration analyzer. So what does this do? Well, the configuration analyzer will check our policies according to the standard recommendations and the strict recommendation offered by Microsoft. So we can see here we've got standard recommendations, which is highlighted, and let's take a couple of examples here. So we've got this here, this is the anti-spam policy, let's highlight that. So what Microsoft is telling us is, the high confidence spam detection action, our current configuration is to move it to the Junk Email folder; however, Microsoft recommend that the message is actually quarantined. OK, so it will go through all our policies and it'll check them according to its standard, or we can go on to strict and it'll give us some recommendations how we can improve our security. Now, you don't have to take these recommendations, it's up to you, but if you want to do that you can just click on this one here, for example, and we can apply the recommendation. So this is a really useful tool to see how our policies match up against Microsoft recommendations.

So that's basically it. That is how to configure Defender for Office 365 Plan 1, which is part of the Business Premium subscription. So I hope you've enjoyed today's video. As you can see, there's a couple of ways that you can configure your Defender for Office 365: an easy way and a slightly harder way. I look forward to seeing you again soon. [Music]
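
The custom-policy steps described in the captions above, written out as Exchange Online PowerShell. This is an added example and is not part of the video or its captions; the policy names, the `contoso.com` domain and the protected user are placeholders, and the actions chosen are one reading of what the captions describe.

```powershell
# Added example, not from the video. Needs the ExchangeOnlineManagement module;
# Safe Attachments / Safe Links need Defender for Office 365 Plan 1 licensing.
# Assumptions: all policy names, contoso.com and the protected user are placeholders.
Connect-ExchangeOnline

$Domain = 'contoso.com'                      # placeholder accepted domain
$Vip    = 'Finance Director;fd@contoso.com'  # placeholder, format "DisplayName;Address"
$QPol   = 'Example quarantine policy'

# 1. Quarantine policy. Permission value is a bit sum: block sender 16 + release 4
#    + preview 2 + delete 1 = 23 (users release their own mail). Use 27 for the
#    limited variant, where "release" (4) is swapped for "request release" (8).
New-QuarantinePolicy -Name $QPol -EndUserQuarantinePermissionsValue 23 -ESNEnabled $true

# 2. Anti-phishing: standard threshold, impersonation and spoof protection, safety tips.
$antiPhish = @{
    Name                                = 'Example anti-phishing policy'
    PhishThresholdLevel                 = 1             # 1 = Standard
    EnableTargetedUserProtection        = $true
    TargetedUsersToProtect              = $Vip
    EnableOrganizationDomainsProtection = $true
    EnableMailboxIntelligence           = $true
    EnableMailboxIntelligenceProtection = $true
    EnableSpoofIntelligence             = $true
    TargetedUserProtectionAction        = 'MoveToJmf'   # Junk Email folder
    MailboxIntelligenceProtectionAction = 'MoveToJmf'
    AuthenticationFailAction            = 'Quarantine'  # spoofed senders
    SpoofQuarantineTag                  = $QPol
    EnableFirstContactSafetyTips        = $true
    EnableSimilarUsersSafetyTips        = $true
    EnableSimilarDomainsSafetyTips      = $true
    EnableUnusualCharactersSafetyTips   = $true
}
New-AntiPhishPolicy @antiPhish
New-AntiPhishRule -Name 'Example anti-phishing rule' -AntiPhishPolicy $antiPhish.Name -RecipientDomainIs $Domain

# 3. Inbound anti-spam: default bulk threshold, spam to junk, phishing quarantined,
#    30 days in quarantine, zero-hour auto purge (ZAP) for spam and phishing.
$antiSpam = @{
    Name                      = 'Example anti-spam policy'
    BulkThreshold             = 7
    SpamAction                = 'MoveToJmf'
    PhishSpamAction           = 'Quarantine'
    PhishQuarantineTag        = $QPol
    HighConfidencePhishAction = 'Quarantine'
    QuarantineRetentionPeriod = 30
    SpamZapEnabled            = $true
    PhishZapEnabled           = $true
}
New-HostedContentFilterPolicy @antiSpam
New-HostedContentFilterRule -Name 'Example anti-spam rule' -HostedContentFilterPolicy $antiSpam.Name -RecipientDomainIs $Domain

# 4. Anti-malware: common attachments filter, ZAP, custom quarantine policy.
New-MalwareFilterPolicy -Name 'Example anti-malware policy' -EnableFileFilter $true -ZapEnabled $true -QuarantineTag $QPol
New-MalwareFilterRule -Name 'Example anti-malware rule' -MalwareFilterPolicy 'Example anti-malware policy' -RecipientDomainIs $Domain

# 5. Safe Attachments: Dynamic Delivery for mail, plus SharePoint/OneDrive/Teams scanning.
New-SafeAttachmentPolicy -Name 'Example safe attachments policy' -Enable $true -Action DynamicDelivery -QuarantineTag $QPol
New-SafeAttachmentRule -Name 'Example safe attachments rule' -SafeAttachmentPolicy 'Example safe attachments policy' -RecipientDomainIs $Domain
Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true

# 6. Safe Links: email (including internal), Teams and Office apps; click-through off.
$safeLinks = @{
    Name                     = 'Example safe links policy'
    EnableSafeLinksForEmail  = $true
    EnableSafeLinksForTeams  = $true
    EnableSafeLinksForOffice = $true
    EnableForInternalSenders = $true
    TrackClicks              = $true
    AllowClickThrough        = $false
}
New-SafeLinksPolicy @safeLinks
New-SafeLinksRule -Name 'Example safe links rule' -SafeLinksPolicy $safeLinks.Name -RecipientDomainIs $Domain

# 7. Confirm each rule exists, is enabled, and where it sits in the priority order.
Get-AntiPhishRule           | Format-Table Name, State, Priority
Get-HostedContentFilterRule | Format-Table Name, State, Priority
Get-MalwareFilterRule       | Format-Table Name, State, Priority
Get-SafeAttachmentRule      | Format-Table Name, State, Priority
Get-SafeLinksRule           | Format-Table Name, State, Priority
```

Keeping the policies as a script makes the tenant's settings reviewable and repeatable, and the configuration analyzer mentioned at the end of the captions can then be used to compare the result against Microsoft's standard and strict recommendations.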
Info
Channel: Jonathan Edwards
Views: 44,822
Keywords: microsoft defender for office 365, office 365, microsoft defender, microsoft 365, cloud security, microsoft security, microsoft threat protection, office 365 advanced threat protection, safe links, m365 defender, office 365 atp, safe attachments, exchange online, advanced threat protection, exchange online protection
Id: w-sqq-6Lp6U
Length: 30min 22sec (1822 seconds)
Published: Thu Dec 08 2022