In order to make configuration and management of security policies easier in Office 365, Microsoft has added some ‘easy buttons’ to process this. The latest option is now placed in the Security and Compliance Center under Threat Management –> Polices. At the top of this page we see a new set of buttons under ‘Templated Polices‘. The button we are interested in is on the left, Preset Security Policies.
** NOTE ** I covered the ‘Configuration Analyzer’ button in a previous article – HERE
When we click on the button we get a new configuration page for configuring policies for our tenant:
As we can see we have two preset policies we can work with – Standard and Strict – and Microsoft provides guidance on these policies here:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/preset-security-policies
Microsoft provide some basic definitions of the policy intent as well:
“Standard protection: A baseline protection profile that’s suitable for most users.
Strict protection: A more aggressive protection profile for selected users (high value targets or priority users).”
When applying policies, make sure to remember this for order of precedence:
- Strict protection preset security policy
- Standard protection preset security policy
- Custom security policies
- Default security policies
Which means if a user has a custom policy and there is also a Strict policy applied, the Strict policy will win out.
The full list of what makes a policy Standard vs Strict are listed here:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365-atp
Let’s run through a wizard to see how to configure these for a test user, prior to applying them to an entire domain or organization:
Applying EOP Standard Policy
First, we click on ‘Edit’ to bring up a new policy:
Then we click on ‘Add a Condition’ to scope the policy to a specific recipient, domain or group. In our case, we choose a person:
Once we have a user chosen, we then click next and select the same option for ATP:
After that, we can confirm our settings and apply them:
Creating a Strict policy is exactly the same process.
Reviewing these settings in PowerShell
There are two cmdlets that we can use to view these policies:
Get-ATPProtectionPolicyRule Get-EOPProtectionPolicyRule
Get-ATPProtectionPolicyRule
Get-EOPProtectionPolicyRule
One thing to notice are the corresponding polices:
EOP – Hosted Connection Filter, Anti-Phish and Malware Filter
ATP – Safe Attachments, Safe Link
We can construct more complex policies by using groups and by excluding members from being affected as well.
Recommended Actions
Apply Standard Policies (ATP and EOP) to one user. Apply Strict Polices (ATP and EOP) to another user and test. Compare results over time and then pick the best policy for your environment. If you require custom settings, then neither of these options will work. Custom policies will take more effort, but will also allow you to tweak them for your needs. Once completed, check your settings against the Configuration Analyzer and see if any other actions are required.
Further Reading
I cover this topic and more topics related to email security in two books:
Security and Compliance Center PowerShell
|
Microsoft 365 Security for IT Pros
|
