How To Configure Microsoft Defender for Microsoft 365

Learn the fundamentals to configure Microsoft Defender to secure your work environment

Microsoft Defender is Microsoft’s recommended solution for protecting your IT infrastructure and systems from viruses, cyber security threats, phishing and identity theft, and ransomware. Microsoft Defender for Microsoft 365 was formerly known as Office 365 Advanced Threat Protection. It is a suite of tools and policies that offer comprehensive protection against a variety of threats.

For an optimum level of protection against threats, Microsoft Defender offers a variety of settings for system administrators so that they can fine-tune them as per their requirements. In this article, we will take a look at the best configuration selections for safeguarding your Microsoft 365 environment.

Microsoft’s Defender Licenses

  • Microsoft Defender for Microsoft 365 offers Plan 1 and Plan 2 license, which includes pre-existing functionalities and pre-set configurations according to your requirements. With a Plan 1 license, system administrators are offered tools such as Safe-Links and Safe-Attachments.

These tools help protect Exchange Online, SharePoint Online, OneDrive, and Teams against harmful content in documents and hyperlinks. Plan 1 also offers Advanced Anti-Phishing Policies to protect users against phishing attacks in Exchange Online.

  • Plan 2 license offers enhanced tools such as Threat Tracker and Explorer that help to detect, scan, and report on potential security issues existing within the work environment. System administrators can run Attack Simulations as a training exercise for users to help them stay vigilant and be prepared for the next malware/phishing attack on their systems.

Office 365 Advanced Threat Protection Recommended Configuration Analyzer (ORCA)

  • ORCA is an add-on service for Microsoft 365 users that offers advanced protection against malicious threats arising from emails, URLs, and collaboration tools. To be able to install and use ORCA, users must already have a Plan 1 or Plan 2 license with Microsoft Defender.

ORCA helps system administrators compare and contrast their Microsoft Defender’s configurations against the recommended settings for their environment. ORCA helps them by performing a gap analysis against their settings and providing recommendations to ensure the best possible security settings. This helps ensure that Microsoft Defender’s data protection is working at its optimum level for both on-site and cloud data.

  • Microsoft has included the ORCA add-on service into the Microsoft 365 Security Portal, thus making it easier to install and deploy this service. The ORCA currently offers Preset Security Policies and Configurations Analyzer for system administrators.

Preset Security Policies

  • Preset Security Policies are pre-defined security settings that are ideal for anyone who does not want to spend too much time customizing and fine-tuning Microsoft Defender for their work environment. In the Microsoft 365 Security Portal, under the Threat Policies, there are two settings; Strict and Standard.

These are pre-defined settings and offer no further customization to system administrators. Both these settings comply with security levels defined in Microsoft’s recommendation documentation.

Configuration Analyzer

  • configure microsoft defenderThe configuration analyzer works by integrating the function of the ORCA service directly into the Microsoft 365 Security Portal. The configuration analyzer can be found in the same location as Present Security Policies. It can be thought of as an advanced version of the ORCA.

The configuration analyzer settings page has two core sections; settings and recommendations & configuration drift analysis and history.

  • The settings and recommendations page offers a broad overview of existing policies and whether or not they align with a defined baseline. This page provides information about the policy item, type, and current versus recommended settings.

The configuration drift analysis and history page provide information to system administrators about configuration changes that have been over time. This page allows the system administrators to see who made what kind of changes and at what time.

Microsoft Defender for Microsoft 365 is a unique and advanced tool that offers unmatched security services to your work environment. We, at Henson Group, are one of the best-managed service providers (MSPs) for Microsoft’s services such as Microsoft 365. Contact us today and let our team of experts help you get set up with Microsoft 365.