The change will introduce a new, default security pre-set called 'Built-in-Protection' in Defender for Office 365. Built-in-Protection is a third preset Security Policy, like the Standard and Strict preset policies, and is enabled, by default, for all new and existing customers. It will implement a version of Safe Links and Safe Attachments resulting in low impact on the End User.
1. Configure Advanced Delivery
To ensure mail is successfully delivered to your users in an Office 365 environment, please follow this guide:
1. As an O365 Security admin, navigate to https://security.microsoft.com/advanceddelivery
2. Select the Phishing simulation tab, and click on Edit.
3. On the 'Edit third-party phishing simulation' tab that opens, configure the following settings:
- Domain: Expand this setting, and enter at least one email address domain by clicking in the box, entering a value, and then clicking Enter. You should enter the MetaPhish domain(s) that you wish to use for your phishing simulations. Up to 20 domains can now be added. (Please note that some Microsoft articles say only up to 10 domains can be added.)
- Sending IP: Expand this setting, and enter the relevant IP addresses:
- Simulation URLs to Allow: Expand this section, and add any domains you will be using in the following format *.domainname.com/*
When completed, action one of the following steps:
- First time: Click Add followed by Close.
- Edit existing: Click Save, and then select Close.
After implementing these changes, send a Phish to a small number of users to confirm Whitelisting is working as intended.
Further information can be found in the below Microsoft Article:
2. If you have Safe Links enabled, add 'Do not rewrite URLs in email'
- Navigate to your existing Safe Links policy.
- Click URL, followed by Protection Settings.
- Click Manage 0 URLs (see below).
- Click Add URLs.
- Add any domains you will be using in the following format *.domainname.com/*
- Click Save and then save your policy.
This will now stop the 'Safe Links' policy from scanning and rewriting URLs that have been added to the 'Manage 0 URLs' section.
More information can be found in the below Microsoft Article;