Cybersecurity

How to Configure Microsoft Defender for Office 365

Published 14 February 2026 · 8 min read

Microsoft Defender for Office 365 protects against phishing, malware, and malicious links. It comes in Plan 1 (included in Business Premium) and Plan 2 (E5). This guide covers the essential policies: Safe Links, Safe Attachments, and Anti-Phishing.

Configure Safe Links

Microsoft 365 Defender → Policies & rules → Threat policies → Safe Links → + Create
⚙️
Safe Links settings
Apply real-time URL scanningChecks links at time of click
Yes
Do not let users click through
Yes
Apply to email within the org
Yes
Track user clicks
Yes

Configure Safe Attachments

Defender → Policies & rules → Threat policies → Safe Attachments
⚙️
Safe Attachments settings
Unknown malware response
Block
Enable redirect
No
💡
Dynamic Delivery
Use Dynamic Delivery to send email body immediately while attachment is scanned - reduces the 2-5 minute delay users experience.

Configure Anti-Phishing

Defender → Policies & rules → Threat policies → Anti-phishing
⚙️
Anti-phishing settings
Phishing threshold
3 - More aggressive
Enable user impersonation protection
Yes - add CEO CFO Finance
Enable domain impersonation protection
Yes - add your domain
Enable mailbox intelligence
Yes
Enable spoof intelligence
Yes

Use preset security policies

Microsoft provides Standard and Strict preset policies that configure all Defender settings in one click:

Defender → Policies & rules → Preset security policies
💡
Assign Strict to executives
Apply Standard to all users as a baseline, then Strict to executives and Finance who are most targeted.

Frequently Asked Questions

Q: Does Safe Attachments slow email delivery?

Yes by a few minutes. Use Dynamic Delivery to send the email body immediately and replace the attachment with a placeholder while scanning.

Q: What is the difference between Safe Links and Anti-phishing?

Safe Links protects against malicious URLs. Anti-phishing protects against social engineering that impersonates trusted senders. Both should be enabled.

Q: Is Defender for Office 365 the same as Exchange Online Protection?

No. EOP is the baseline included in all M365 plans. Defender for Office 365 is an additional layer with sandboxing and AI analysis.

Related Guides
-> Block Legacy Auth-> DMARC DKIM SPF-> Conditional Access
// need intune set up properly?
Fixed-price Intune setup for UK businesses

App deployment, compliance policies, Conditional Access, and full documentation at a fixed price.

View Packages