How do I configure email security in Microsoft 365?

What is a How do I configure email security in Microsoft 365??

Microsoft 365 has built-in email security policies that protect against phishing, malware, and spam. The available settings depend on your subscription tier.

Microsoft 365 includes built-in protection against phishing, malware, and spam. The settings available to you depend on whether you have Business Standard or Business Premium.

No email security configuration is 100% effective. Stay vigilant when handling unexpected emails regardless of your settings.

How do I access the security settings?

Go to admin.microsoft.com, then navigate to Admin Centers → Security. A new tab opens. From there: Email & Collaboration → Policies & Rules → Threat Policies.

  1. Apply Standard Preset Security Policies. Go to Preset Security Policies and select Standard Protection. This activates Microsoft's recommended baseline protection against spam, phishing, and malware.

  2. Review anti-spam and anti-phishing policies. Standard policies are applied by default. Under Policies, review and adjust them to match your organization's risk profile. Microsoft's documentation covers anti-spam policies and anti-phishing policies in detail.

  3. Configure quarantine policies. Under Policies → Quarantine Policies, set how users interact with quarantined emails and configure notification preferences. Microsoft's quarantine documentation covers the setup.

Business Premium includes advanced anti-phishing controls not available in Standard. If your company handles sensitive data, Business Premium provides significantly stronger protection.

  1. Apply Strict Preset Security Policies for high-risk users. Go to Preset Security Policies and select Strict Protection. Apply this to executives, admins, and others with elevated access.

  2. Define trusted users and domains. In your Anti-Phishing Policies, add trusted internal users and domains. This blocks attackers trying to impersonate your staff or spoof your domain. Microsoft's impersonation insight documentation explains the options.

  3. Configure Safe Links and Safe Attachments. Under Policies → Safe Links and Safe Attachments, enable real-time scanning of URLs and email attachments. Setup guides are available for Safe Links and Safe Attachments.

For broader protection, especially on macOS systems and older Windows versions, ask deeploi about the Security+ add-on. Contact hello@deeploi.io for details.

What's Next

Email Security: Gmail

Configure phishing protection and email authentication for Google Workspace.