Home → Office 365 → Tenancy Setup - Administration Guide → Microsoft Defender for Office 365 – Setup & Policy Guide (2025)
1.3. Microsoft Defender for Office 365 – Setup & Policy Guide (2025)
✅ Microsoft Defender for Office 365 – Setup & Policy Guide (2025)
1. Access Microsoft 365 Defender
-
Sign in with Global Administrator or Security Administrator role.
2. Use Preset Security Policies (Recommended)
Path:
📍 Email & Collaboration → Policies & rules → Threat policies → Preset security policies
Configure:
-
✅ Standard Protection – apply to all users
-
✅ Exchange Online Protection (EOP) – enabled
-
✅ Microsoft Defender for Office 365 – enabled
-
✅ Impersonation protection – add:
-
Domain:
arrowinteriorservices.co.uk -
VIP email addresses (e.g.,
ceo@,finance@)
-
-
❌ Trusted senders – only add verified external services (not your own domain)
-
✅ Mode: Enforce
-
✅ Turn on when finished
3. Configure Safe Attachments
Path: Threat policies → Safe Attachments
-
Enable for:
-
Email
-
SharePoint, OneDrive, and Microsoft Teams
-
-
✅ Use Dynamic Delivery
4. Configure Safe Links
Path: Threat policies → Safe Links
-
Enable for:
-
Email
-
Microsoft Teams
-
Office documents
-
-
✅ Enable time-of-click protection and link rewriting
5. Anti-Phishing Settings
Path: Threat policies → Anti-phishing
-
Enable:
-
Mailbox intelligence
-
Impersonation protection for your domain and key users
-
-
Set actions to quarantine for impersonation or phishing attempts
6. Anti-Spam & Anti-Malware Policies
Path: Threat policies → Anti-spam and Anti-malware
-
Enable aggressive spam filtering
-
✅ Quarantine spam and bulk messages
-
✅ Block executable attachments and known malware patterns
7. Create a Quarantine Policy
URL: https://security.microsoft.com/quarantinePolicies
Create policy with:
| Setting | Recommended Value |
|---|---|
| Name | CIT Created |
| Allow release of spam & bulk | ✅ Yes |
| Allow release of high-confidence phishing | ❌ No |
| Allow preview of messages | ✅ Yes |
| Allow sender | ✅ Yes (use with caution) |
| Allow reporting to Microsoft | ✅ Yes |
| Frequency | ✅ Once per day |
| Exclude blocked senders | ✅ Yes (recommended) |
8. Link Quarantine Policy to Anti-Spam or Preset Policy
-
For Anti-Spam:
-
Edit your anti-spam policy → Notifications → assign
CIT Created
-
-
For Preset Policy:
-
Edit Preset Policy (Standard/Strict) → scroll to End-user notifications → assign
CIT Created
-
9. Enable Global Spam Notification Setting
Path:
📍 Threat Policies → Anti-Spam Policies → Edit your policy
-
✅ Toggle on: "Send end-user spam notifications"
-
✅ Frequency: Once per day
-
✅ Customize template or branding if needed
10. Test End-User Access
-
Verify users can access their quarantine:
👉 https://security.microsoft.com/quarantine -
Emails will come from:
quarantine@messaging.microsoft.com
✅ Final Checklist
| Task | Status |
|---|---|
| Preset security policies applied | ✅ Yes |
| Domain and VIPs protected via impersonation | ✅ Yes |
| Quarantine policy created and assigned | ✅ Yes |
| Global spam notification enabled | ✅ Yes |
| Daily email notifications configured | ✅ Yes |
| Safe Attachments and Safe Links active | ✅ Yes |
| End users trained to access and manage quarantine | 🟡 Optional (Recommended) |