What are they, how do they work and, as always, what can they do for you? Greetings, fellow YouTubers. Welcome back to the channel. Andy Malone, Microsoft MVP, as well as a Microsoft Certified Trainer.

I want to give you guys the opportunity to know me, to ask questions and to feel like you're part of something. That's what this channel's about. If it's just a quick demo that you're looking for, I'm sure there's plenty of other channels out there, um. That said, any questions, comments, any feedback, you know I love it. Get them down below and I'll do my best for you. All right. So I think, without any more jibber jabber, I think we're gonna get into today's topic. Now, Microsoft Defender for 365 has been out, around a little while, um, originally titled ATP, or Advanced Threat Protection. It added a couple of new features to the threat protection policies which come part of Microsoft 365. Now, most customers, in fact all customers, have something called EOP, Exchange Online Protection, and this covers things like anti-malware, antivirus and so on. And to be fair, out of the box you get some pretty good policies kind of pre-created, but I thought it would be quite useful to go in and have a look at actually how we can customize them and how you can tailor them really for your needs. In addition, this session I'm going to take a look at Safe Attachments, absolutely awesome feature, as well as Safe Links as well. So I think, without any more jibber jabber, I think it's about time we got to the demos. Enjoy. So I'm kicking off here in Microsoft 365 and I'm coming down into the security admin center.

Now, the security admin center has actually been recently rebranded. It's now part of the Microsoft Defender brand of portals, and you can see that this particular portal is Defender for 365. And what I thought we would do is take a look at some of the most common features in here, and specifically today's session, I want to really kind of focus on this area here. This is Policies and rules, and specifically I want to take a look at some of the threat policies. Now, just before I go into that, I just want to mention a few things. And if you have, um, a subscription for Microsoft 365 and also things like Defender for Endpoint, if you've got Defender for Endpoint, that would appear here underneath the Email and collaboration. So, um, the idea is that we have one portal, but depending on the subscriptions that you have, yours might look slightly different to this one. Now, if you want to learn about tools like Defender for Endpoint and, let's say, Defender for Cloud Apps, I did some, uh, videos on those recently on my channel, so please take a look at those. Today, what I thought I would do, though, is I would take a look at some of the threat management features, and specifically I'd like to talk about policies, and going into policies, I'm going to talk about threat policies. Now, threat policies are designed to defend your organization, to keep you safe. Now, really, there's a little bit of confusion out there.

So if you have a business account with Microsoft 365, so a Business Basic, not necessarily Premium, but also if you've got Enterprise and things like that, um, every customer has something called EOP, or Exchange Online Protection. And Exchange Online Protection has been around for quite some time, and it provides things like anti-phishing, anti-spam and anti-malware policies. Now, in addition, if you have an EMS subscription, Enterprise Mobility and Security, both E3 and E5, then you'll also get Safe Attachments and also Safe Links, and you also get this with Business Premium as well. And what I thought I would do is just take a look at some of these features and just make sure that you're managing them in the best way. Now, anti-phishing is particularly powerful, and specifically because, of course, hackers typically are going to send you fake emails, and fake emails can cause a real nightmare within an organization. Spam makes up for something like 90-odd percent of internet traffic, uh, and now, although spam is not particularly malicious, um, phishing potentially is. Now, out of the box here, you can see that we have a default anti-phishing policy, so I can go into here and we can have a look at this policy, and you can see that, um, again, um, it looks at, or it picks up, the settings from the Microsoft Defender, and you can go in, of course, and you can edit these as well. So things like, if you want to add in things like trusted senders and trusted domains.

That means organizations that you want to communicate with. And now you'll notice here you can also protect your domain as well, so you can add in any domains that you've added. So if you purchase the domain name called, it's important that you include your own domains, just to make sure that spammers and hackers are not using your domain to spam people. So again, and interestingly, by the way, you notice it's off by default. Now, you can also include custom domains that you purchase as well, and any kind of trusted domains, so any, you know, third-party partners, customers, things like that. You can add those in. Now you'll notice that we have something called mailbox intelligence, and mailbox intelligence, uh, essentially prevents things like impersonation protection, or, or provides impersonation protection, I should say. And this is really important because, uh, spammers, of course, especially things like spear phishing attacks: a spear phishing attack will typically, um, an invoice might come in and it might be from your CIO, your information officer, saying, "This is a, an invoice. Can you please pay it?" And, of course, it's not. It's fake, because they're just spoofing your email address. So very, very dangerous, um, and this, um, feature here is absolutely fantastic. So this is the anti-spoofing feature. Now, to be honest, out of the box it's actually pretty good. But again, you can, um, not only configure those spoofing settings, but you can also add, as I said, you've got

You can edit those protection settings as well. Now, this is a perfect example of a technology that's managed by AI, artificial intelligence, and, of course, machine learning. So that's the anti-phishing policy, absolutely superb. Um, something else that every customer gets is the anti-spam policy, and the anti-spam policy, like the anti-phishing policy, you get a number of default settings here, and really we have kind of got three core default settings, and these really impact everyone. So you've got an anti-spam inbound, you've got an outbound policy, and you've also got something called a connection filter, so things like IP addresses and also domain names that you might want to block, for example. So if I go into the anti-spam outbound policy here, just scroll down, and you can see I can go in and I can edit those thresholds here. So you can also block, you know, people from specific countries or contain specific languages and, and things like that, which, again, are, are pretty good. Now again, just scrolling down a little bit more, you can also scroll, you can switch on things like safety tips. Um, you know, if it detects spam, what you want me to do with it? Put it in the junk folder. We also have something called zero-hour auto purge here, or ZAP, and what ZAP does is, if a user in your organization has received malicious mail in the past, then machine learning kicks in and says, "Hang on, this, you're trying to resend something, something nasty," and it won't let this happen again. So it prevents reoccurrence. Excellent feature, by the way. All right, um, now, just out of the box, by the way, um, I'm often asked, "Andy, how good is Defender in terms of anti-spam and antivirus and malware and things like that?"

Actually, it uses nine different scanning engines, so all your favorite scanning engines from the different vendors, and Microsoft uses all of these. All right, so definitely take a look at the anti-spam policies. Now, very useful is also the anti-malware policies. Now, to be honest, I have a problem with this tool. Um, you get a default policy for every user. It's okay, it's okay, but I would say that Safe Attachments is so much better than this. All right, it really builds on top of this. However, I can go into the protection settings here and you can see, uh, ZAP is also on here as well. But again, things like recipient notifications, um, so notify recipients if they're, um, any email containing malware is quarantined, send a notification. I love this one, by the way: notify external senders if their message is successful with, with malware. Maybe not, okay. Um, again, you've got some admin notifications, so again, you can go ahead and you can customize those settings. Now, out of the box, like I said, it's okay, but if you really want to go much further, I would say that you probably want to take a look at something called Safe Attachments. Now, Safe Attachments is available with Microsoft 365 EM and S. So if you're using E3 EMS, E5 and also Business Premium, then you'll get Safe Attachments. And I was recently in Trondheim in Norway. Here's an attachment, uh, policy that I created recently, so I've

Just given a description, and I've said, hey, I want to include these groups, and I'm going to go in and edit the different settings. Now, if I just have a look at this, you'll notice that actually there are five different settings here. So, in this case, Off means attachments will not be scanned. Okay, so if there's malware, it will get through. Monitor: now, you may want to, for example, create a policy that maybe sits alongside your security team, and in your security team you might want to do some malware analysis, and if you want to monitor the results of the malware, so if somebody opens up the malware, again, it could be a test account, a trial account, this would be used for that. Block is exactly as it says on the tin. This would block current and all future message attachments that contain malware. It would just kill them dead. These two, however, are really interesting. Um, Replace. So what this does is it blocks attachments with detected malware but continues to deliver the message, so the message is received by the user and the user will see a little message where the attachment was, saying something like, "Hey, this, this, uh, email contained potential malware, but we've removed it." Yes, get the idea? Now compare that with this. This is called Dynamic Delivery. This is my favorite. This is currently in preview, and to be fair, it's been in preview for the last two years. So immediately deliver the message without the attachment, and then scan the attachment and then reattach it.

So essentially what happens is the user gets the email minus the attachment, and they'll just get a little message saying, "Hey, this attachment is being scanned at the moment. We'll reattach it as soon as possible." Okay, and that is how it works. All right, so again, five different settings: Off, Monitor, Block, Replace and Dynamic Delivery. Now, if any of you are doing the Microsoft 365 certifications, you always get that question, what's the difference between Replace and Dynamic Delivery? But I got to tell you, if you're in a sensitive environment and you're concerned about malware, this, in my opinion, is an absolutely must-have, uh, tool. All right, and you can also create your own quarantine, um, policy there as well. Now, the other features in here really are for things like enable redirects. So, for example, you would do this if you were, let's say, monitoring the results of a piece of malware. You might want to redirect it to a specific user. That's what that's for. All right, now, I really like this feature. Definitely check this out, Safe Attachments, and even if you just, um, create a trial tenant just to play with it, and it's a fantastic feature. All right. Now, the final thing I just want to mention is something called Safe Links. And again, Safe Links, incredibly easy. Again, you get a default built-in protection, comes from Microsoft, and what this essentially does is Microsoft have a huge catalogue of known malicious links, all right, and within that catalog,

If any of your users receive any malicious links from any attachments, emails, chats, Teams, anything at all, they will get a warning message, and that warning message can either be yellow, and the yellow warning message basically says, "Hey, you know, this is an unusual link. We're just going to scan it, check that it's okay." If it turns red, it's a known malicious link. All right, again, this is a fantastic feature, super simple to work. Um, and again, you can create multiple policies if you want to, but again, out of the box, to be honest, it's pretty good. Now again, you've also got some global settings here as well, so global settings for users. So if you wanted to add in kind of a default base of users, um, so you could say settings that apply the content to supported 365 apps, again, things like link, sorry, links in things like Teams and Microsoft 365 groups and so on. Um, do not track, um, protected, uh, links in Microsoft 365. So again, um, if they're put, if they're known protected, that means don't track them to their source, and that really is just a privacy feature. All right, so there we go, ladies and gentlemen, um, Safe Links, Safe Attachments, anti-malware, anti-spam, anti-phishing, otherwise known as the threat policies in Microsoft 365 Defender. So there you have it: Microsoft Defender for 365, absolutely awesome features and definitely easy to implement. Hey, listen, really, thank you so much for dropping by. If you've enjoyed this session, bump that like button. It really does make a difference.

And, of course, if you've not subscribed, hit that subscribe button, ring the bell and you won't miss out on future tutorials. And if you have any questions, of course, about this or any of my other sessions, please just get them down below and I'll do my best. All right, so until next time, you stay safe and I'll see you soon. All the best. Hey, thanks.

