MC704191 – Due to recent accuracy improvements implemented this month, certain customers may notice a modification in specific scores.
When this will happen:
Available now
How this affects your organization:
Customers may notice a modification in the scores of the following Microsoft Defender for Identity recommendations:
- Turn on Safe Attachments in block mode
- Ensure Safe Attachments policy is enabled
- Create Safe Links policies for email messages
- Ensure Safe Links for Office Applications is Enabled
- Ensure that an anti-phishing policy has been created
- Enable impersonated domain protection
- Ensure that mailbox intelligence is enabled
- Move messages that are detected as impersonated users by mailbox intelligence
- Ensure that intelligence for impersonation protection is enabled
- Set the phishing email level threshold at 2 or higher
- Enable the domain impersonation safety tip
- Enable the user impersonation safety tip
- Quarantine messages that are detected from impersonated domains
- Quarantine messages that are detected from impersonated users
- Enable impersonated user protection
- Enable the user impersonation unusual characters safety tip
- Ensure the Common Attachment Types Filter is enabled
- Create zero-hour auto purge policies for malware
- Ensure that no sender domains are allowed for anti-spam policies
- Set action to take on bulk spam detection
- Set the email bulk complaint level (BCL) threshold to be 6 or lower
- Set action to take on high confidence phishing detection
- Set action to take on high confidence spam detection
- Set action to take on phishing detection
- Retain spam in quarantine for 30 days
- Set action to take on spam detection
- Create zero-hour auto purge policies for phishing messages
- Create zero-hour auto purge policies for spam messages
- Set automatic email forwarding rules to be system controlled
- Ensure all forms of mail forwarding are blocked and/or disabled
- Set maximum number of external recipients that a user can email per hour
- Set maximum number of internal recipients that a user can send to within an hour
- Set a daily message limit
- Ensure Exchange Online Spam Policies are set to notify administrators
- Block users who reached the message limit
What you need to do to prepare:
Be aware of these accuracy improvements and review scores as appropriate.