Microsoft Business Premium Implementation Guide – Part 2 of 7

Part 2: Email Protection

Before we continue, let's confirm a few things:

1. All steps have been implemented from Part 1.

2. Enable Defender for Office 365 Preset Policies

Preset security policies provide a centralized location for applying all the recommended spam, malware, and phishing policies at once. The policy settings are not configurable. Instead, they are set by Microsoft and are based on their observations and experiences for a balance between keeping harmful content away from users and avoiding unnecessary disruptions.
Options:
Changes Communicated:

Click here to view the details of each policy.

You can use the custom option above to utilize conditions and exceptions to assign specific users, groups, and/or domains to follow different policies assigned or none at all.

3. Enable Defender for Office 365 Anti-phishing Policies

Protecting your business from unknown email threats in real-time by using intelligent systems that inspect attachments and links for malicious content and prevent impersonation that could lead to successful phishing attacks.
Options:
Changes Communicated:

Click here to view the details of each policy.

You can use the custom option above to utilize conditions and exceptions to assign specific users, groups, and/or domains to follow different policies assigned or none at all.

4. Enable Defender for Office 365 Safe Attachment Policies

Safe attachments uses a virtual environment to check attachments in inbound email messages after they have been scanned by anti-malware protection. This method helps analyze behavior and other indicators to protect against new forms of malware.
Options:
Changes Communicated:

Click here to view the details of each policy.

You can use the custom option above to utilize conditions and exceptions to assign specific users, groups, and/or domains to follow different policies assigned or none at all.

5. Enable Defender for Office 365 Safe Links Policies

Safe links provides URL scanning of inbound email messages in mail flow, and time of click verification of URLs and links in email messages and in other locations. This helps ensure links in emails and Office documents are safe, even if the content at the link destination has changed.
Options:
Changes Communicated:

Click here to view the details of each policy.

You can use the custom option above to utilize conditions and exceptions to assign specific users, groups, and/or domains to follow different policies assigned or none at all.

6. Enable Transport Rule for Attachments with Office Macro Extension

By opening files that contain malicious macros, users can introduce ransomware to the business. To help prevent this, we can insert a warning to the user or block completely whenever a file type that may contain macros flows through the email system.
Options:
Changes Communicated:

Click here to view the details of support file types available for inspection.

You can use the custom option above to utilize conditions and exceptions to assign specific users, groups, and/or domains to follow different policies assigned or none at all.

7. Enable SPF

Enabling SPF is the first step in setting up the fully recommended email authentication methods. SPF identifies which mail servers are allowed to send email on your behalf to help prevent spoofing and phishing.
Options:

8. Enable DKIM

Enabling DKIM is the second step in setting up the fully recommended email authentication methods. DKIM adds a digital signature to outbound email messages in the header of the email. This furthers the prevention of attackers from sending messages that look like they come from your domain.
Options:

9. Enable DMARC

Enabling DMARC is the third step in setting up the fully recommended email authentication methods. DMARC ensures the destination email systems trust message sent from your domain. This helps receiving mail systems decide what to do with messages from your domain that fail SPF or DKIM checks.
Options:
Changes Communicated:

1st Step: Monitor p=none for 60 Days

2nd Step: Establish policy after reviewing reports to ensure turning on the policy will not affect valid email flow.

10. Enable Common Attachment Types Filter

Blocking email attachments that contain file types that are commonly used for spreading malware.
Options:
Changes Communicated:

Click here to view the list of common attachments.

You can use the custom option above to utilize conditions and exceptions to assign specific users, groups, and/or domains to follow different policies assigned or none at all.

11. Block Auto-Forwarded Email to External Recipients

If a cybercriminal gains access to a user’s account, they may auto-forward that person’s email to an outside account. This allows the attacker to watch the flow of email over extended periods of time, looking for opportunities to steal other people’s credentials and impersonate others – for example, to divert payments to a fake supplier.
Options:

STOP!

Let's complete the action items in this section and reconvene as soon as possible.

Our Responsibility:
Your Responsibility: