Last update : December 12 2022
Important : This documentation is provided for information purposes only. Please contact the dedicated Microsoft support if you are having any trouble during the process. This document is intended for our customers and partners using Vade for M36. The purpose of this document is to inform about Microsoft's recommended practices at the time this document was produced. Vade declines all responsibility concerning the use or updating of the information present in this document.
Exchange Online Protection setting
Anti-phishing :
The following steps help you strengthen anti-phishing protection.
Procedure
1.Log in to the Microsoft 365 security platform.
2.Click Email & collaboration > Policies & rules in the left menu.
3.Click Threat policies.
4.Click Anti-phishing.
5.Click Office365 AntiPhish Default (Default)
Note : You can create custom policies for specific users, groups, or domains, and change their
priority.
6.Click Edit protection settings.
7.Check the Enable spoof intelligence (Recommended) box.
8.Click Save.
9.Click Edit actions.
10.Check the Show first contact safety tip (Recommended) box.
A banner is displayed in the email if the user receives an email from the sender for the first time,
or if the user rarely receives emails from the sender.
11.Check the Show (?) for unauthenticated senders for spoof box.
A ? symbol is displayed in the Outlook sender card if the sender could not be authenticated by
Microsoft.
12.Check the Show "via" tag box.
The platform through which the email was sent will be indicated. For example: chris@contoso.com
via fabrikham.com.
13.Click Save.
Anti-spam :
The following steps help you strengthen your anti-spam protection.
Procedure
1.Log in to the Microsoft 365 security platform.
2.Click Email & collaboration > Policies & rules in the left menu.
3.Click Threat policies.
4.Click Anti-spam.
5.Click Anti-spam inbound policy (Default) > Edit spam threshold and properties.
6.Set the Bulk email threshold on 6.
Note : Microsoft assigns a score (the BCL, bulk complaint level) to senders based on complaints
received.The higher the rating, the more the sender sent bulk emails and generate complaints. Vade recommends lowering the BCL threshold of senders accepted in the inbox to 6.
7.Select On for the SPF record: hard fail option.
Warning : Enable this option only if your MX records are passed to Microsoft or if you have configured "advanced delivery" correctly, in case you have an email gateway before Exchange Online.
Emails sent from an IP address that is not listed in the Sender Policy Framework (SPF) DNS record will be sorted into spam.
8.Click Save.
9.Click Edit actions.
10.Check all the boxes under Zero-hour auto purge (ZAP).
Phishing, spam and malware emails received in the Exchange Online mailbox are quarantined.
Anti-malware :
The following steps help you strengthen anti-malware protection by putting emails containing malware in quarantine.
Procedure
1.Log in to the Microsoft 365 security platform.
2.Click Email & collaboration > Policies & rules in the left menu
3.Click Threat policies.
4.Click Anti-malware.
5.Click Default (Default) > Edit protection settings.
6.Check the Enable the common attachments filter box.
7.Select Reject the message with a non-delivery receipt (NDR) or Quarantine the message according to your preference.
Emails containing the file types that are filtered according to the anti-malware policy of Microsoft are rejected or quarantined.
8.Check the Enable zero-hour auto purge for malware (Recommended) box.
If an email containing a malware has bypassed initial filtering and is detected in the Exchange Online inbox, then it is automatically quarantined.
9.Click Save.
Note : Users cannot retrieve emails containing a malware.
Sender Policy Framework setting
Set the SPF :
The SPF validates outbound flow from your domain, and thus prevents identity
theft.
Important : Please contact your partner to help you configure the SPF.
SPF syntax
A standard SPF TXT record for Microsoft 365 has the following syntax:
v=spf1 include:spf.protection.outlook.com ip4:<adresse_ipv4> ip6:<adresse_ipv6>
-all
- v=spf1 : Starts the TXT record and links it to the SPF protocol.
- include:spf.protection.outlook.com : Identifies a custom domain as a legitimate sender.
- ip4:<adresse_ipv4>, ip6:<adresse_ipv6> : Optional, identifies an IPv4 or IPv6 address as a legitimate sender.
- -all : indicates a hard fail.
Add a DNS record to use SPF
1.Log in to the Microsoft 365 admin center.
2.Click Settings > Domains in the left menu.
3.Click on the domain to add a DNS record to in your domain list.
4.Cliquez sur DNS records.
5.Click + Add record.
6.Select TXT (Text) under Type.
7.Enter @your domain name under TXT name.
8.Enter v=spf1 include:spf.protection.outlook.com ip4:<adresse_ipv4> ip6:<adresse_ipv6> -all under TXT value.
Note : You must add a new record for each subdomain.
DKIM setting
Set the DKIM:
DKIM (DomainKeys Identified Mail) allows you to add a digital signature to your
outbound flow in the email header.
Important : Please contact your partner for help setting up DKIM.
Why and When :
When you set up the DKIM, you allow your domain to associate its name with an email or sign it using
cryptographic authentication. Mail systems that receive email from your domain can use this digital
signature to determine if the email is legitimate.
Procedure
1. Log in to the Microsoft 365 security platform.
2. Click on the domain on which you want to configure the DKIM.
3. Enable the Sign messages for this domain with DKIM signatures feature. A pop-in window saying you need to add CNAME records opens.
4. Copy the CNAME displayed in the pop-in window.
5. On your DNS provider's website, add the CNAME records for the DKIM you want to enable.
6. Do the steps 1, 2 and 3 again.
Results : A digital signature is applied in the header of outbound flow emails.
DMARC setting
DMARC syntax
A standard DMARC TXT record for Microsoft 365 has the following syntax:
v=DMARC1; p=<policy>; <email>=mailto:<@mail>
- v=DMARC1 : Starts the TXT record and links it to the DMARC protocol.
-
p=<policy> : Defines the action to take.
- none : No action.
- reject : The email is rejected and the sending server is notified.
- quarantine : The email is moved to "Spam" folder.
- <email>=mailto:<@mail> : Allows you to receive reports on the domain's DMARC activity. For example: rua=mailto:d@rua.agari.com.
Set the DMARC:
DMARC (Domain-based Message Authentication, Reporting, and Conformance) allows receiving mail systems to better sort email from your domain when SPF or DKIM checks fail.
Before you begin
Important : Please contact your partner to help you configure the SPF and the DKIM.
You must first configure the SPF and the DKIM.
Procedure
1. Log in to the Microsoft 365 admin center.
2. Click Settings > Domains in the left menu.
3. Click on the domain to add a DMARC record to in your domain list.
4. Click DNS record.
5. Click+ Add record.
6. Select TXT under Type.
7. Enter _dmarc under TXT name.
8. Enter v=DMARC1; p=<policy>; email=mailto:<@mail> under TXT value.
9. Click Save.