Microsoft Defender for Office 365: Introducing Built-In-Protection
We’re are introducing a powerful new default security preset called Built-in-Protection in Defender for Office 365.
- Built-in-Protection is a third preset security policy (like the Standard and Strict preset policies), and is enabled by default for all new and existing customers. It will implement a version of Safe Links and Safe Attachments resulting in low impact on the end-user. It’s low impact as the end user experience will not be changed – URL links will not be wrapped. However, it will implement delivery time file and URL detonation as well as time of click protection.
- Microsoft 365 Roadmap ID 72208.
- Timing: We will begin rolling out in mid-December and complete by late January.
- Beginning in early November, you will be able to view the Built-in-Protection preset in the Defender for Office 365 portal and configure any exceptions required ahead of the policy enablement rollout that begins in mid-December.
- Action: Review and assess impact to users in your organization.
How this will affect your organization:
Built-In-Protection will not impact users who currently have a Safe Links or Safe Attachments policy in place.
Note: For users already covered under the standard or strict preset; or under an explicit custom policy, this new built-in preset will not impact them as this policy has the lowest priority.
Policies will be applied in the following order of precedence:
- Strict
- Standard
- Custom
- Built-In-Protection or default
This means that if additional domains are added to your tenant, they will automatically be protected through Built-In-Protection with a base level of Safe Links and Safe Attachment. This will reduce the administrative burden and time involved to protect these users, as they’ll get instant protection under the Built-in preset.
What you need to do to prepare:
This is rolling out default on.
Learn more:
No security admin action is required. You will want to review the impact to users who are not already protected under a standard or strict preset or under an explicit Safe Links and Safe Attachment custom policy.
- We will release the option to configure exceptions in the Microsoft 365 Defender portal in early November ahead of enabling the Built-In-Protection policy.
- Although we do not recommend it, we recognize the need for some organizations to exclude certain users or groups from Built-In-Protection and admins will have the opportunity to configure these exceptions ahead of December rollout.
- MDO blog announcing Built-In-Protection
- Learn how to configure Built-in-Protection
- See the specific settings set in Built-In-Protection
Message ID: MC296611
No comments yet