We are making enhancements to Microsoft Defender for Office 365 preset security policies. It will provide a way to apply the policy to the entire organization and be able to optionally configure a list of custom users and custom domains to protect against impersonation attacks.
Impersonation protection applies to Microsoft Defender for Office 365 Plan 1 and Plan 2 & Microsoft 365 Defender
This message is associated with Microsoft 365 Roadmap ID 93262.
We’re adding capabilities within preset security policies (Strict and Standard) to configure custom users and custom domains for impersonation protection. Additionally, within the preset security policy, you will also be able to apply the policy to all recipients instead of selected users, groups, and domains. You will still be able to exclude selected recipients.

When this will happen
- Standard: Rollout will begin in late June and be completed by late September
- GCC/GCC-H/DoD: Rollout will begin in late August and be completed by late November
How this will affect your organization
Security Admins and SecOps teams will be able to apply policy settings to all users of your organization using preset strict/standard policies, however, you can still select specific recipients. SecOps teams will be able to configure custom users and custom domains to protect against impersonation attacks. You will be able to provide a list of trusted senders and trusted domains that you want to allow to be impersonated and it won’t be flagged from such impersonated senders/domains.
Note: Within preset strict/standard policies, the impersonation protections for custom users and domains have always been available and turned ON until now. After this change, when there are custom users and domains added in the list, impersonation protection will be applied to incoming messages and will be quarantined.
What you need to do to prepare
Review your existing Anti-Phishing policies within threat policies and consider creating/updating preset policies with custom users and/or custom domains to protect against impersonation attacks. We recommend updating your necessary training documents accordingly.
Learn More
- Microsoft 365 > Office 365 security > Prevent > Preset Security Policies in EOP and Microsoft Defender for Office 365
- Recommended Settings for EOP and Microsoft Defender for Office 365 Security
- Microsoft Docs > Reference > defender-for-office-365 > New-AntiPhishPolicy
- Microsoft Tech Community > Security, Compliance, and Identity > Microsoft Defender for Office 365 Blog > Configurable impersonation protection and scope for Preset Security policies
Message ID: MC388229
Published: 03 June 2022
Updated: 03 June 2022