Skip to Content

MC296611: Microsoft Defender for Office 365: Introducing Built-In-Protection

Updated May 04, 2022: We have updated the rollout timeline below. Thank you for your patience.

Note: this has begun being enforced for organizations where it is already available.

We’re are introducing a powerful new default security preset called Built-in-Protection in Defender for Office 365. Built-in-Protection is a third preset security policy (like the Standard and Strict preset policies), and is enabled by default for all new and existing customers. It will implement a version of Safe Links and Safe Attachments resulting in low impact on the end-user. It’s low impact as the end user experience will not be changed – URL links will not be wrapped. However, it will implement delivery time file and URL detonation as well as time of click protection. This message is associated with Microsoft 365 Roadmap ID 72208.

We are introducing Built-In Protection for Microsoft Defender for Office 365 to automatically elevate all users within your organization to the base level of security protection. Built-In Protection will implement a low impact version of Safe Attachments and Safe Links, removing burden on admins to configure users with recommended security settings and policies. This new preset security policy will require no admin action and will be turned on by default for all new and existing customers. As a result, customers will be automatically protected from unintentional configuration gaps in their policies and experience overall improved protection against phish and malicious message delivery to end users.

MC296611: Microsoft Defender for Office 365: Introducing Built-In-Protection

Key Points

  • Timing: We will begin rolling out in mid-December and complete by mid-June (previously late April). Beginning in early November, you will be able to view the Built-in-Protection preset in the Defender for Office 365 portal and configure any exceptions required ahead of the policy enablement rollout that begins in mid-December.
  • Action: Review and assess impact to users in your organization.

Note: Configured exceptions will be honored for the Safe Links and Safe Attachment settings within Built-In-Protection when it is eventually enabled for your tenant. Configured exceptions do not apply to the global Safe Links and Safe Attachment settings within Built-in-Protection. To changes these settings after Built-in-Protection is enabled, admins can modify the global Safe Attachments or global Safe Links policies directly at any time. To learn about the specific settings set by Built-in-Protection, please see: Microsoft recommendations for EOP and Defender for Office 365 security settings – Office 365 | Microsoft Docs

How this will affect your organization

Built-In-Protection will not impact users who currently have a Safe Links or Safe Attachments policy in place.

Note: For users already covered under the standard or strict preset; or under an explicit custom policy, this new built-in preset will not impact them as this policy has the lowest priority.

Policies will be applied in the following order of precedence:

  1. Strict
  2. Standard
  3. Custom
  4. Built-In-Protection or default

This means that if additional domains are added to your tenant, they will automatically be protected through Built-In-Protection with a base level of Safe Links and Safe Attachment. This will reduce the administrative burden and time involved to protect these users, as they’ll get instant protection under the Built-in preset.

What you need to do to prepare

No security admin action is required. You will want to review the impact to users who are not already protected under a standard or strict preset or under an explicit Safe Links and Safe Attachment custom policy.

  • We will release the option to configure exceptions in the Microsoft 365 Defender portal in early November ahead of enabling the Built-In-Protection policy.
  • Although we do not recommend it, we recognize the need for some organizations to exclude certain users or groups from Built-In-Protection and admins will have the opportunity to configure these exceptions ahead of December rollout.

This is rolling out default on.

Learn more

Message ID: MC296611
Published: 05 November 2021
Updated: 05 May 2022

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker