MC296611: Microsoft Defender for Office 365: Introducing Built-In-Protection

We’re are introducing a powerful new default security preset called Built-in-Protection in Defender for Office 365. Built-in-Protection is a third preset security policy (like the Standard and Strict preset policies), and is enabled by default for all new and existing customers. It will implement a version of Safe Links and Safe Attachments resulting in low impact on the end-user. It’s low impact as the end user experience will not be changed – URL links will not be wrapped. However, it will implement delivery time file and URL detonation as well as time of click protection. This message is associated with Microsoft 365 Roadmap ID 72208.

We are introducing Built-In Protection for Microsoft Defender for Office 365 to automatically elevate all users within your organization to the base level of security protection. Built-In Protection will implement a low impact version of Safe Attachments and Safe Links, removing burden on admins to configure users with recommended security settings and policies. This new preset security policy will require no admin action and will be turned on by default for all new and existing customers. As a result, customers will be automatically protected from unintentional configuration gaps in their policies and experience overall improved protection against phish and malicious message delivery to end users.

MC296611: Microsoft Defender for Office 365: Introducing Built-In-Protection

Key Points

  • Timing: We will begin rolling out in mid-December and complete by late January. Begining in early November, you will be able to view the Built-in-Protection preset in the Defender for Office 365 portal and configure any exceptions required ahead of the policy enablement rollout that begins in mid-December.
  • Action: Review and assess impact to users in your organization.

Note: Configured exceptions will be honored for the Safe Links and Safe Attachment settings within Built-In-Protection when it is eventually enabled for your tenant. Configured exceptions do not apply to the global Safe Links and Safe Attachment settings within Built-in-Protection. To changes these settings after Built-in-Protection is enabled, admins can modify the global Safe Attachments or global Safe Links policies directly at any time. To learn about the specific settings set by Built-in-Protection, please see: Microsoft recommendations for EOP and Defender for Office 365 security settings – Office 365 | Microsoft Docs

How this will affect your organization

Built-In-Protection will not impact users who currently have a Safe Links or Safe Attachments policy in place.

Note: For users already covered under the standard or strict preset; or under an explicit custom policy, this new built-in preset will not impact them as this policy has the lowest priority.

Policies will be applied in the following order of precedence:

  1. Strict
  2. Standard
  3. Custom
  4. Built-In-Protection or default

This means that if additional domains are added to your tenant, they will automatically be protected through Built-In-Protection with a base level of Safe Links and Safe Attachment. This will reduce the administrative burden and time involved to protect these users, as they’ll get instant protection under the Built-in preset.

What you need to do to prepare

No security admin action is required. You will want to review the impact to users who are not already protected under a standard or strict preset or under an explicit Safe Links and Safe Attachment custom policy.

  • We will release the option to configure exceptions in the Microsoft 365 Defender portal in early November ahead of enabling the Built-In-Protection policy.
  • Although we do not recommend it, we recognize the need for some organizations to exclude certain users or groups from Built-In-Protection and admins will have the opportunity to configure these exceptions ahead of December rollout.

This is rolling out default on.

Learn more

Message ID: MC296611
Published: 05 November 2021
Updated: 18 November 2021
#NewFeature #AdminImpact
Plan For Change