You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-office-365/step-by-step-guides/tune-microsoft-defender-for-office-365.md
+34-2Lines changed: 34 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,8 +16,40 @@ ms.collection:
16
16
ms.topic: how-to
17
17
search.appverid: met150
18
18
ms.date: 04/14/2025
19
+
appliesto:
20
+
- ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
While Microsoft Defender for Office 365 will start protecting collaboration across Exchange Online, Teams, SharePoint, One Drive for Business, and M365 applications by default when a license containing Microsoft Defender for Office 365 is enabled, some "tuning" can help get the maximum benefit.
27
+
28
+
"Tuning" is a term that is often used to mean different things. It can refer to [Configuring Security Controls](#configuring-security-controls) or configuring connectors [for Complex Routing and Dual Filtering Scenarios](#complex-routing-and-dual-filtering-scenarios) as part of initial setup. It can refer to setting [Security Control Thresholds](#security-control-thresholds) on security controls like the bulk email slider and advanced filtering slider to determine how aggressively email will be blocked. It can refer to adding and managing [Customer configured allows and blocks](#customer-configured-allows-and-blocks). Allows are a powerful tool for managing email deliverability but can let malicious or unwanted emails be delivered if not correctly managed. Blocks will ensure unwanted emails are never delivered but can lead to user productivity loss. Sometimes, it can even refer to [Submissions and System Learning](#submissions-and-system-learning), or how the filtering stack self corrects based on the false positive and false negative emails being submitted.
29
+
30
+
### Configuring Security Controls
31
+
32
+
The easiest and safest way to configure security controls is by onboarding to preset security policies. By using preset security policies (Standard or Strict), you'll always have Microsoft's recommended, best practice, configuration for your users. Here are [Steps to set up the Standard or Strict preset security policies for Microsoft Defender for Office 365](ensuring-you-always-have-the-optimal-security-controls-with-preset-security-policies.md).
33
+
34
+
Worried about attacks targeting your CEO, CIO, or CFO? You can [Protect your c-suite with Priority account protection in Microsoft Defender for Office 365 Plan 2](protect-your-c-suite-with-priority-account-protection.md).
35
+
36
+
If custom security policies are being used, config analyzer will make recommendations to make sure Microsoft best practices are being followed. You can [Optimize and correct security policies with configuration analyzer](optimize-and-correct-security-policies-with-configuration-analyzer.md).
37
+
38
+
### Complex Routing and Dual Filtering Scenarios
39
+
40
+
Using a non-Microsoft email filtering solution in conjunction with Microsoft Defender for Office 365 requires some additional configuration to ensure you are getting the best from both filtering solutions. Learn more about [Getting started with defense in-depth configuration for email security](defense-in-depth-guide.md). Care must be taken when using connectors to route mail to these solutions to ensure that Microsoft Defender for Office 365 has access to the original email sender information. Configure [Enhanced filtering for connectors in Exchange Online](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors).
41
+
42
+
### Security Control Thresholds
43
+
44
+
45
+
The bulk email slider and the advanced phishing slider allow you to determine how aggressively each of those filters are applied. To optimize the threshold where bulk mail is treated as spam you can [Assess and tune your filtering for bulk mail in Defender for Office 365](tune-bulk-mail-filtering-walkthrough.md). [Microsoft recommendations for EOP and Defender for Office 365 security settings](../recommended-settings-for-eop-and-office365.md) contains best practices for choosing the right [Advanced phishing thresholds in anti-phishing policies in Microsoft Defender for Office 365](../anti-phishing-policies-about.md) for your organization.
46
+
47
+
### Customer configured allows and blocks
48
+
49
+
50
+
Overrides are a powerful tool that can be used to deliver or block emails regardless of how Microsoft Defender for Office 365 dispositions the message. [Understanding overrides within the email entity page in Microsoft Defender for Office 365](understand-overrides-in-email-entity.md) provides a guide for leveraging the email entity page to understand why a message was allowed or blocked across all the different types of available overrides.
51
+
52
+
### Submissions and System Learning
53
+
54
+
55
+
The single most important thing you can do to improve the accuracy of email filtering for your users is to [Report spam, non-spam, phishing, suspicious emails and files to Microsoft](../submissions-report-messages-files-to-microsoft.md). This informs the Microsoft Security Analyst team what changes need to be made across the entire filtering stack to ensure your users have the best possible experience. Here are some best practices for [How to handle malicious emails that are delivered to recipients using Microsoft Defender for Office 365](how-to-handle-false-negatives-in-microsoft-defender-for-office-365.md) and [How to handle legitimate emails getting blocked from delivery using Microsoft Defender for Office 365](how-to-handle-false-positives-in-microsoft-defender-for-office-365.md).
0 commit comments