Protect against malware and other cyberthreats with Microsoft 365 Business Premium

In this objective, you increase your threat protection with Microsoft 365 Business Premium. It's critical to protect your business against phishing, malware, and other threats. This article includes information about:

Review and apply preset security policies

Your subscription includes preset security policies that use recommended settings for anti-spam, anti-malware, and anti-phishing protection. By default, built-in protection is enabled; however, consider applying standard or strict protection for increased security.

Screenshot of preset security policies.

Note

Preset security policies are not the same thing as security defaults. Typically, you'll be using either security defaults or Conditional Access first, and then you'll add your security policies. Preset security policies simplify the process of adding your security policies. You can also add your own custom policies.

What are preset security policies?

Preset security policies provide protection for your email and collaboration content. These policies consist of:

  • Profiles, which determine the level of protection
  • Policies (such as anti-spam, anti-malware, anti-phishing, spoof settings, impersonation, Safe Attachments, and Safe Links)
  • Policy settings (such as groups, users, or domains to receive the policies and any exceptions)

The following table summarizes the levels of protection and preset policy types.

Level of protection Description
Standard protection
(recommended for most businesses)
Standard protection uses a baseline profile that's suitable for most users. Standard protection includes anti-spam, anti-malware, anti-phishing, spoof settings, impersonation settings, Safe Links, and Safe Attachments policies.
Strict protection Strict protection includes the same kinds of policies as standard protection, but with more stringent settings. If your business must meet additional security requirements or regulations, consider applying strict protection to at least your priority users or high value targets.
Built-in protection Protects against malicious links and attachments in email. Built-in protection is enabled and applied to all users by default.

Tip

You can specify the users, groups, and domains to receive preset policies, and you can define certain exceptions, but you cannot change the preset policies themselves. If you want to use different settings for your security policies, you can create your own custom policies to suit your company's needs.

Policy order of priority

If users are assigned multiple policies, an order of priority is used to apply the policies. The order of priority works as follows:

  1. Strict protection receives the highest priority and overrides all other policies.

  2. Standard protection

  3. Custom security policies

  4. Built-in protection receives the lowest priority and is overridden by strict protection, standard protection, and custom policies.

Strict protection overrides all other policies, and built-in protection is overridden by the other policies.

To learn more about preset security policies, see What preset security policies are made of.

How do I assign preset security policies to users?

Important

Before you begin, make sure you have one of the following roles assigned in Exchange Online (which is included in your subscription):

  • Global Administrator
  • Organization Management
  • Security Administrator

To learn more, see Permissions in Exchange Online and About admin roles.

To assign preset security policies, follow these steps:

  1. Go to the Microsoft 365 Defender portal (https://security.microsoft.com) and sign in.

  2. Go to Email & Collaboration > Policies & Rules > Threat policies > Preset Security Policies in the Templated policies section. (To go directly to the Preset security policies page, use https://security.microsoft.com/presetSecurityPolicies.)

  3. On the Preset security policies page, in either the Standard protection or Strict protection section, change the toggle from Disabled to Enabled, and then select Manage.

  4. The Apply Standard protection or Apply Strict protection wizard starts in a flyout. On the EOP protections apply to page, identify the internal recipients that the policies apply to (recipient conditions):

    • Users
    • Groups
    • Domains

    Click in the appropriate box, start typing a value, and then select the value that you want from the results. Repeat this process as many times as necessary. To remove an existing value, select the Remove icon next to the value.

    For users or groups, you can use most identifiers (name, display name, alias, email address, account name, etc.), but the corresponding display name is shown in the results. For users, type an asterisk (*) by itself to see all available values.

    To specify an exclusion, select the Exclude these users, groups, and domains checkbox, and then specify users, groups, or domains to exclude.

    When you're finished, select Next.

  5. On the Defender for Office 365 protections apply to page to identify the internal recipients that the policies apply to (recipient conditions). Specify users, groups, and domains just like what you did in the previous step.

    When you're finished, click Next.

  6. On the Review and confirm your changes page, verify your selections, and then select Confirm.

Tip

To learn more about assigning preset security policies, see the following articles:

Create custom security policies

The preset security policies described earlier in this article provide strong protection for most businesses. However, you're not limited to using preset security policies only. You can define your own custom security policies to suit your company's needs.

Use our quick-start guide, Protect against threats, to get started creating your own custom policies. The guidance not only walks you through how to set up your own security policies, it also provides recommended settings to use as a starting point for:

Set sharing settings for SharePoint and OneDrive files and folders

By default, sharing levels are set to the most permissive level for both SharePoint and OneDrive. We recommend changing the default settings to better protect your business.

  1. Go to Sharing in the SharePoint admin center, and sign in with an account that has admin permissions for your organization.

  2. Under External sharing, specify the level of sharing. (We recommend using Least permissive to prevent external sharing.)

  3. Under File and folder links, select an option (such as Specific people). Then choose whether to grant View or Edit permissions by default for shared links (such as View).

  4. Under Other settings, select the options you want to use.

  5. Then choose Save.

Tip

To learn more about these settings, see Manage sharing settings.

Review your alert policies

Alert policies are useful for tracking user and admin activities, potential malware threats, and data loss incidents in your business. Your subscription includes a set of default policies, but you can also create custom ones. For example, if you store an important file in SharePoint that you don't want anyone to share externally, you can create a notification that alerts you if someone does share it.

The following image shows some of the default policies that are included with Microsoft 365 Business Premium.

Default alert policies included with Microsoft 365.

View your alert policies

  1. Go to the Microsoft Purview compliance portal at https://compliance.microsoft.com and sign in.

  2. In the navigation pane, choose Policies, and then choose Alert policies.

  3. Select an individual policy to view more details or to edit the policy. The following image shows a list of alert policies with one policy selected:

    Screenshot of a selected alert policy.

Tip

For more information, see alert policies.

How to view alerts

You can view your alerts in either the Microsoft 365 Defender portal or the Microsoft Purview compliance portal.

Type of alert What to do
Security alert, such as when a user clicks a malicious link, an email is reported as malware or phish, or a device is detected as containing malware Go to the Microsoft 365 Defender portal and under Email & collaboration select Policies & rules > Alert policy. Alternatively, you can go directly to https://security.microsoft.com/alertpolicies.
Compliance alert, such as when a user shares sensitive or confidential information (data loss prevention alert) or there's an unusual volume of external file sharing (information governance alert) Go to the Microsoft Purview compliance portal, and then select Policies > Alert > Alert policies.

For more information, see View alerts.

Disable or manage calendar sharing

You can prevent people in your organization from sharing their calendars. You can also manage what level of detail they can share. For example, you can restrict the sharing to free/busy times only.

  1. Go Org settings in the Microsoft 365 admin center and sign in.

  2. Choose Calendar, and choose whether people in your organization can share their calendars with people outside who have Office 365 or Exchange, or with anyone.

    We recommend clearing the External sharing option.

    If you choose the share with anyone option, you can decide to also only share free/busy information.

  3. Choose Save changes on the bottom of the page.

    The following image shows that calendar sharing is not allowed.

    Screenshot of showing external calendar sharing as not allowed.

    The following image shows the settings when calendar sharing is allowed with an email link with only free/busy information.

    Screenshot of calendar free/busy sharing with anyone.

If your users are allowed to share their calendars, see these instructions for how to share from Outlook on the web.

Next objectives

Proceed to: