Deploy ATP Policy on your Office 365 Tenant Part 1

Before we start to explain how to setup the ATP policy in your Office 365 tenant, make sure to use Microsoft 365 A5 license or you should order Office 365 ATP P1 or P2 license otherwise all the policy on my article won’t show on your security site. Meanwhile, pls spend couple seconds to scan the QR code below to follow my Wechat account. Your attention is my biggest motivation to keep posting my article.

So let’s start to setup the ATP policy on your tenant.

Login to “Security & Compliance” on your Office 365 Admin site, Make sure the account you used to deploy the setting have the ATP license so you can modify the policy. 图片包含 屏幕截图

描述已自动生成

Extend the “Threat Management” and click into the Policy. There are couple policy need you to deploy here which including:

  • ATP anti-phishing
  • Safe attachment
  • Safe link
  • Anti-malware

We will focus on the ATP anti-phishing policy today. Click into “ATP anti-phishing”.

图片包含 屏幕截图

描述已自动生成

You can customize your own policy or directly edit the default policy here. If you want to create your own policy, click “+Create”.

图片包含 屏幕截图

描述已自动生成

Give a named on this customize policy.

图片包含 屏幕截图

描述已自动生成

Click “Add a condition” and select “The recipient domain is” so that you can add all your own domain into your ATP policy.

图片包含 屏幕截图

描述已自动生成

Click “Choose”.

图片包含 屏幕截图

描述已自动生成

Click “+ Add”.

图片包含 屏幕截图

描述已自动生成

Then select all the domain own by your Office 365 tenant.

图片包含 屏幕截图

描述已自动生成

Click “Next”.

图片包含 屏幕截图

描述已自动生成

Click “Create this policy” and you can keep setup the advance setting on this policy.

图片包含 屏幕截图

描述已自动生成

Double click into the customize policy you just create.

图片包含 屏幕截图

描述已自动生成

Click “Edit” in the Impersonation setting.

图片包含 屏幕截图

描述已自动生成

Click Add User to add all the VIP user you want to protect. If you want to understand more detail relate to this, pls check with the link below:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies#learn-about-atp-anti-phishing-policy-options

图片包含 屏幕截图

描述已自动生成

Add the VIP user one by one and click “Save”.

图片包含 屏幕截图

描述已自动生成

Click into “Add domains to protect” and turn on the “Automatically include the domain I own” and “Include custom domain”. After or, Add your custom domain in the blank filed.

图片包含 屏幕截图

描述已自动生成

Click into “Action” and choose the action you want to take if your email is send by impersonated user or domain. I suggest choosing “Quarantine the message”. If you want to know more detail between different action, feel free to check with this link below:

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files

Meanwhile, Click into “Turn on impersonation Safety” like the screenshot below:

图片包含 屏幕截图

描述已自动生成

Turn one the following setting.

图片包含 屏幕截图

描述已自动生成

Click into Mailbox Intelligence and save the setting like what I show on the screenshot.

图片包含 屏幕截图

描述已自动生成

Under the “Add Trusted senders and domain”, add the personal email address below to all the VIP user you add into the protect list before. In this case, their personal email won’t be blocked by mistake. However, I still prefer to have some agreement setup for school, we can add the VIP personal address in here so that they can transfer some email for school, but everything which relate to school business should come out from their school email address, not from their personal email address.

图片包含 屏幕截图

描述已自动生成

Review all the setting your deploy before you save it.

图片包含 屏幕截图

描述已自动生成

Click “Edit” in Spoof.

图片包含 屏幕截图

描述已自动生成

Choose “Quarantine the message” and click Save.

图片包含 屏幕截图

描述已自动生成

Click into the Advance setting on the ATP policy and choose the level of handing phishing email here. I personally suggest to choose standard start from the beginning and click Save.

图片包含 屏幕截图

描述已自动生成

You should finish to setup ATP anti-phishing policy now, I will told you how the setup the rest policy on my next article later. Meanwhile, I found that some of my friends haven’t add the DKIM on their tenant. So make sure to add it so that you can got a more security email system. You can find the DKIM setting from the screenshot below and double click in it.

图片包含 屏幕截图

描述已自动生成

You will find your domain under that list and double click into the domain you own, you will find there is a noted show on the right hand side and ask you to add two CHAME name on your DNS server. So pls add the record show on your noted to your DNS server. (As everyone running different kinds of DNS solution, so I won’t show how to add CHAME record anymore, but it is very easy, right?) After all, click “Enable” then you will finish setup the DKIM on your tenant. If you want to understand more about the DKIM, feel free to check with the following link below:

https://docs.microsoft.com/en-us/previous-versions/exchange-server/exchange-150/mt674695(v=exchg.150)?redirectedfrom=MSDN

图片包含 屏幕截图

描述已自动生成

发表评论

电子邮件地址不会被公开。