Step-by-Step Configuration of Microsoft Defender for Office 365
๐ฏ Objective
To configure email security policies in Microsoft 365 to protect against:
- Phishing attacks
- Malicious links
- Unsafe attachments
๐ ๏ธ Prerequisites
- Microsoft 365 Admin access
- Defender for Office 365 license (Plan 1 or Plan 2)
๐ Step 1: Open Microsoft Defender Portal
- Go to: https://security.microsoft.com
- Sign in with admin account
- Navigate to:
Email & Collaboration โ Policies & Rules
๐ Step 2: Configure Safe Links Policy
- Go to: Threat Policies โ Safe Links
- Click Create Policy
- Configure:
- Name:
SafeLinks-Policy - Apply to: All Users
- Enable:
โ URL scanning
โ Real-time protection
โ Click tracking
- Click Save
๐ This ensures malicious links are blocked before users open them.
๐ Step 3: Configure Safe Attachments
- Go to: Threat Policies โ Safe Attachments
- Click Create Policy
- Configure:
- Name:
SafeAttachments-Policy - Action: Block or Dynamic Delivery
- Apply to: All Users
- Click Save
๐ Attachments will be scanned in a sandbox before delivery.
๐ญ Step 4: Configure Anti-Phishing Policy
- Navigate to: Threat Policies โ Anti-Phishing
- Click Create Policy
- Configure:
- Enable impersonation protection
- Add protected users (CEO, Admins)
- Enable mailbox intelligence
- Save policy
๐ Helps prevent spoofing and impersonation attacks.
๐งช Step 5: Test the Configuration
- Send a test email with:
- Suspicious link
- Attachment
- Observe:
โ Link gets blocked
โ Attachment scanned
โ Alerts generated
๐ Step 6: Monitor Threats
- Go to: Dashboard โ Threat Explorer
- Review:
- Detected threats
- Blocked emails
- User activity
๐ก Real-World Scenario
User receives phishing email:
โ Safe Links blocks URL
โ Safe Attachments scans file
โ Email flagged as suspicious