Microsoft Defender for Office 365: Introducing Built-In-Protection

Originally posted by Microsoft Nov 8, 2021 Microsoft Defender for Office 365 0 Comments

We’re are introducing a powerful new default security preset called Built-in-Protection in Defender for Office 365.

  • Built-in-Protection is a third preset security policy (like the Standard and Strict preset policies), and is enabled by default for all new and existing customers. It will implement a version of Safe Links and Safe Attachments resulting in low impact on the end-user. It’s low impact as the end user experience will not be changed – URL links will not be wrapped. However, it will implement delivery time file and URL detonation as well as time of click protection.

  • Microsoft 365 Roadmap ID 72208.
  • Timing: We will begin rolling out in mid-December and complete by late January.
    • Beginning in early November, you will be able to view the Built-in-Protection preset in the Defender for Office 365 portal and configure any exceptions required ahead of the policy enablement rollout that begins in mid-December.
  • Action: Review and assess impact to users in your organization.

How this will affect your organization:

Built-In-Protection will not impact users who currently have a Safe Links or Safe Attachments policy in place.

Note: For users already covered under the standard or strict preset; or under an explicit custom policy, this new built-in preset will not impact them as this policy has the lowest priority.

Policies will be applied in the following order of precedence:

  1. Strict
  2. Standard
  3. Custom
  4. Built-In-Protection or default

This means that if additional domains are added to your tenant, they will automatically be protected through Built-In-Protection with a base level of Safe Links and Safe Attachment. This will reduce the administrative burden and time involved to protect these users, as they’ll get instant protection under the Built-in preset.

What you need to do to prepare:

This is rolling out default on.

Learn more:

No security admin action is required. You will want to review the impact to users who are not already protected under a standard or strict preset or under an explicit Safe Links and Safe Attachment custom policy.

  • We will release the option to configure exceptions in the Microsoft 365 Defender portal in early November ahead of enabling the Built-In-Protection policy.
  • Although we do not recommend it, we recognize the need for some organizations to exclude certain users or groups from Built-In-Protection and admins will have the opportunity to configure these exceptions ahead of December rollout.

Message ID: MC296611

No comments yet

Leave a Reply

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: