Skip to Content

MC388229: Microsoft Defender for Office 365 Preset Security Policies

We are making enhancements to Microsoft Defender for Office 365 preset security policies. It will provide a way to apply the policy to the entire organization and be able to optionally configure a list of custom users and custom domains to protect against impersonation attacks.

Impersonation protection applies to Microsoft Defender for Office 365 Plan 1 and Plan 2 & Microsoft 365 Defender

This message is associated with Microsoft 365 Roadmap ID 93262.

We’re adding capabilities within preset security policies (Strict and Standard) to configure custom users and custom domains for impersonation protection. Additionally, within the preset security policy, you will also be able to apply the policy to all recipients instead of selected users, groups, and domains. You will still be able to exclude selected recipients.

MC388229: Microsoft Defender for Office 365 Preset Security Policies
When this will happen

  • Standard: Rollout will begin in late June and be completed by late September
  • GCC/GCC-H/DoD: Rollout will begin in late August and be completed by late November

How this will affect your organization

Security Admins and SecOps teams will be able to apply policy settings to all users of your organization using preset strict/standard policies, however, you can still select specific recipients. SecOps teams will be able to configure custom users and custom domains to protect against impersonation attacks. You will be able to provide a list of trusted senders and trusted domains that you want to allow to be impersonated and it won’t be flagged from such impersonated senders/domains.

Note: Within preset strict/standard policies, the impersonation protections for custom users and domains have always been available and turned ON until now. After this change, when there are custom users and domains added in the list, impersonation protection will be applied to incoming messages and will be quarantined.

What you need to do to prepare

Review your existing Anti-Phishing policies within threat policies and consider creating/updating preset policies with custom users and/or custom domains to protect against impersonation attacks. We recommend updating your necessary training documents accordingly.

Learn More

Message ID: MC388229
Published: 03 June 2022
Updated: 03 June 2022

    Ads Blocker Image Powered by Code Help Pro

    Your Support Matters...

    We run an independent site that\'s committed to delivering valuable content, but it comes with its challenges. Many of our readers use ad blockers, causing our advertising revenue to decline. Unlike some websites, we haven\'t implemented paywalls to restrict access. Your support can make a significant difference. If you find this website useful and choose to support us, it would greatly secure our future. We appreciate your help. If you\'re currently using an ad blocker, please consider disabling it for our site. Thank you for your understanding and support.