Disclaimer: While these security settings provide strong protection against phishing, malware, and other email threats, no system is 100% foolproof. Phishing attempts may still occur despite these measures. This guide has been created to the best of our knowledge and reflects current best practices. Always stay vigilant and follow security best practices when handling emails.
⚠️ Note: For even more comprehensive protection, especially for macOS environments, consider our Security+ Package, which provides additional layers of defense and advanced monitoring capabilities.
🚀 Microsoft 365 Email Security Features
Microsoft 365 offers robust, built-in email protection features to help safeguard users from spam, malware, phishing, and other threats. Depending on your subscription (Business Standard or Business Premium), you gain access to different levels of security controls. This article outlines the available features to help you stay protected.
🔐 Accessing Security Setting in Microsoft 365
To get started, open the Microsoft 365 Admin Center and follow these steps:
In the left-hand menu, scroll down to "Admin Center".
Navigate to "Security." A new tab will open.
Click on "Email & Collaboration" and then go to "Policies & Rules."
Now select "Threat Policies" to configure the relevant protection settings.
⭐️ Recommended Configuration Settings
Business Standard offers fundamental protection suitable for general use. However, if your business handles sensitive data or requires stronger security, upgrading to Business Premium is strongly recommended. Business Premium includes advanced anti-phishing features and enhanced email security controls that significantly improve protection against evolving threats within the Microsoft 365 environment. By properly configuring these built-in features, you can effectively reduce the risk of phishing attacks.
👉 For Business Standard:
Apply Standard Preset Security Policies for a strong baseline:
Go to "Preset Security Policies" and select "Standard Protection."
This will activate Microsoft’s recommended baseline protection against spam, phishing, and malware.
Customize anti-spam and anti-phishing policies as needed:
Standard policies are applied by default, but we recommend reviewing and tailoring them to your organization’s specific risk profile.
Under "Policies", you can find both anti-spam and anti-phishing settings.
For more information, refer to Microsoft’s support documentation on configuring these policies. You can find more information here about anti-spam policies and here about anti-phishing.
Define quarantine policies to control user access to potentially harmful messages:
You can configure these under "Policies" > "Quarantine Policies" and customize how users interact with quarantined emails and set notification preferences.
Microsoft provides detailed instructions on setting custom quarantine notifications and user access. You can find them here.
👉 For Business Premium:
Apply Strict Preset Security Policies to high-risk users:
Go to "Preset Security Policies" and choose "Strict Protection".
This profile is ideal for high-risk or high-value users (e.g., executives or admins) and enables more aggressive protection against targeted attacks.
Define trusted users and domains for impersonation protection:
In your Anti-Phishing Policies, define trusted users and domains.
This helps block attackers trying to impersonate internal accounts or spoof your domain. You can find more information here.
Adjust Safe Links and Safe Attachments policies for added control:
These settings are located under "Policies" > "Safe Links" and "Safe Attachments."
These features scan URLs and attachments in real time to prevent malicious data from loading onto your devices.
Microsoft’s support pages provide helpful setup walkthroughs for both policies, here for Safe Links and here for Safe Attachments.
⚠️ Our Recommendation: extra Protection with Security+!
We recommend evaluating our Security+ Package. It provides more comprehensive detection, particularly for macOS systems and older Windows versions. Since no organization is immune to sophisticated threats, Security+ serves as a powerful complementary layer with advanced monitoring and broader threat visibility.
For configuration help or to learn more about Security+, please contact hello@deeploi.io.
Comments
0 comments
Please sign in to leave a comment.