Menu
Modern Workplace Blog
  • Home
  • About: Kenneth van Surksum
  • Cookie Policy
Modern Workplace Blog
August 13, 2020October 19, 2020

Office 365 Templated policies and Preset security policies in Exchange Online Protection and Office 365 ATP

In my deep dive article on Office 365 Advanced Threat Protection (ATP) I mentioned that Microsoft provides best practices as described in the following article: “Recommended settings for EOP and Office 365 ATP security“. When implementing the settings in the article you either have the option to go for a “Standard” or “Strict” security level, and you can check your environment towards these best practices using the Office 365 ATP Recommended Configuration Analyzer (ORCA).

After returning from my holiday this year, I noticed a welcome addition to the Threat Management Policy page in the Office 365 Security & Compliance center called “Templated Policies”, for now the section Templated policies contains one section called “Preset security policies”

Templated policies section in the Office 365 Security & Compliance center

Templated policies are based on Microsoft recommendations and current attack trends. As the threat landscape changes, these policies can be automatically updated by Microsoft. You can immediately implement these policies, and they will always adhere to Microsoft’s latest recommendations.

A preset security policy is compilation of settings for all security policies: anti-spam, outbound spam filter, anti-malware, anti-phishing, ATP Safe Links, and ATP Safe Attachments.

Having these templates available is in line with other products where Microsoft is creating templates which you easily implement in order to secure your environment, just like the Security Defaults in Azure Active Directory, which I described in my article: “Microsoft deprecates Conditional Access baseline policies in favour of Security Defaults, here is what you need to know and do“.

Preset security policies

Microsoft provides “Standard” en “Strict” protection profiles which eventually implement the settings as described by Microsoft’s best practices. They are not configurable from a settings perspective.

Preset security policies in action

For each protection profile you have the following options:

  • Enable or disable the policy
  • Define to whom the EOP protections apply using conditions
  • Define to whom the ATP protections apply using conditions
Applicability of the policy

Once enabled the following policies will be created, named Standard Preset Security Policy and Strict Preset Security Policy under each configuration node.

Exchange Online Protection

  • Anti-Spam
  • Anti-Malware
  • EOP Anti-phishing policies

Office 365 Advanced Threat Protection

  • ATP Anti-phishing policies
  • Safe Links policies
  • Safe Attachments policies
  • Anti-Malware policy additions
  • Anti-spam policy additions
  • (ATP) Anti-phishing policy additions
  • ATP Safe Attachments policy additions
  • ATP Safe Links policy additions

Note: When you enable the policy, and later disable it again, the policies remain in the configuration but will be in a disabled state.

Configuration Analyzer for protection policies

With the templates Microsoft also released the Configuration Analyzer for protection policies in EOP and Office 365 ATP in preview. Configuration analyzer in the Security & Compliance center provides a central location to find and fix any of your security policies that contain settings that are below the Standard protection and Strict protection profile settings in preset security policies.

Unfortunately the Configuration Analyzer was not active yet in either of my tenants, once available I’ll update this article. For the time being, the following article provides an idea of what is does: Configuration analyzer for protection policies in EOP and Office 365 ATP

Configuration Analyzer option

Update October 2020: In the meantime this functionality is available within tenants.

Recommendations within the Portal from the Configuration Analyzer

Conclusion

Templated policies, and preset security policies are a welcome addition to Office 365. I would advise to use these templates on new Office 365 implementations right from the start. For organizations who already have security settings implemented you can either keep them and evaluate your policies against the best practices using ORCA/the Configuration Analyzer, or you can transition to the new policies, since the policies can easily be scoped to groups or specific users.

Disadvantage of using this option, is that if Microsoft modifies any setting, you might be surprised, you either need to keep an eye on announcements of Microsoft doing so, or live with the fact that this can happen. It will depend per organization.

References

Preset security policies in EOP and Office 365 ATP

Configuration analyzer for protection policies in EOP and Office 365 ATP

Tweet
Follow me
Tweet #WPNinjasNL

Continue Reading

← Office 365 Advanced Threat Protection (ATP) deep dive
Assigning groups to Azure AD roles and Privileged access groups, a first look! →

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Founding member of:

Recent Posts

  • MAM vs. MDM: Choosing the Right Mobile Management Approach
  • Comparing Web Filtering and Security: Microsoft Entra Internet Access (Global Secure Access) vs. Microsoft Defender for Endpoint (MDE)
  • Navigating New Authentication Methods: SMS for Password Reset, Not for MFA
  • From SPF to DANE: Securing Microsoft 365 Email Communications
  • Protecting your Break Glass accounts in Entra now that MFA gets enforced on more and more Admin portals

Books

System Center 2012 Service Manager Unleashed
Amazon
System Center 2012 R2 Configuration Manager Unleashed: Supplement to System Center 2012 Configuration Manager
Amazon
System Center Configuration Manager Current Branch Unleashed
Amazon
Mastering Windows 7 Deployment
Amazon
System Center 2012 Configuration Manager (SCCM) Unleashed
Amazon

Archives

  • February 2025
  • January 2025
  • September 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • September 2023
  • August 2023
  • February 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • May 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • August 2019
  • July 2019
  • November 2016
  • November 2015
  • June 2015
  • May 2015
  • November 2014
  • July 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • November 2013
  • August 2013
  • April 2013
  • March 2013
  • January 2013
  • December 2012
  • November 2012
  • August 2012
  • July 2012
  • June 2012

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Categories

  • ABM (4)
  • Advanced Threat Protection (4)
  • Announcement (44)
  • Azure (3)
  • AzureAD (73)
  • Certification (2)
  • Cloud App Security (5)
  • Conditional Access (58)
  • Configuration Manager (24)
  • Entra (2)
  • Entra Id (8)
  • Events (14)
  • Exchange Online (9)
  • Identity Protection (5)
  • Intune (27)
  • Licensing (2)
  • Microsoft Defender (1)
  • Microsoft Defender for Endpoint (1)
  • Microsoft Endpoint Manager (35)
  • Mobile Application Management (4)
  • Modern Workplace (74)
  • Office 365 (10)
  • Overview (11)
  • Power Platform (1)
  • PowerShell (2)
  • Presentations (9)
  • Privileged Identity Management (5)
  • Role Based Access Control (2)
  • Security (63)
  • Service Manager (4)
  • Speaking (30)
  • Troubleshooting (4)
  • Uncategorized (11)
  • Windows 10 (15)
  • Windows 11 (5)
  • Windows Update for Business (4)
  • WMUG.nl (16)
  • WPNinjasNL (32)

Tags

#ABM #AzureAD #community #conditionalaccess #ConfigMgr #IAM #Intune #m365 #MEM #MEMCM #microsoft365 #modernworkplace #office365 #security #webinar #wmug_nl ATP authentication strength AzureAD Branding Community Conditional Access ConfigMgr ConfigMgr 2012 Email EXO Identity Intune Licensing M365 MCAS MFA Modern Workplace Office 365 OSD PIM Policy Sets Presentation RBAC roles Security System Center Task Sequence troubleshooting webinar

Recent Comments

  • brc on Protecting your Break Glass accounts in Entra now that MFA gets enforced on more and more Admin portals
  • [m365weekly] #186 – M365 Weekly Newsletter on MAM vs. MDM: Choosing the Right Mobile Management Approach
  • Dean Gross on Comparing Web Filtering and Security: Microsoft Entra Internet Access (Global Secure Access) vs. Microsoft Defender for Endpoint (MDE)
  • nikhil tech on Protecting your Break Glass accounts in Entra now that MFA gets enforced on more and more Admin portals
  • Kenneth on Comparing Web Filtering and Security: Microsoft Entra Internet Access (Global Secure Access) vs. Microsoft Defender for Endpoint (MDE)

This information is provided “AS IS” with no warranties, confers no rights and is not supported by the author.

Copyright © 2021 by Kenneth van Surksum. All rights reserved. No part of the information on this web site may be reproduced or posted in any form or by any means without the prior written permission of the publisher.

Shorthand: Don’t pass off my work as yours, it’s not nice.

©2025 Modern Workplace Blog | Powered by WordPress and Superb Themes!
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT