Recommended settings for Defender for Office 365

If you have booked the Defender for Office 365 function for your Microsoft 365 tenant, we recommend the following additional settings. If you do not set these settings, NoSpamProxy may consider emails to have been successfully delivered even though they were intercepted in the Microsoft tenant's quarantine. Activating automatic notifications prevents suspicious emails from being moved to quarantine and possibly deleted automatically.

To activate corresponding notifications for the original recipient address, create a corresponding policy. This has the effect that

• the users have limited access to the quarantine or
• do not have access to the quarantine (if desired) and receive a notification when an email is moved to quarantine.

Proceed as follows:

1. Open the Microsoft Defender 365 portal and log in with your access data.
2. Select the Policies & rules area.
   
   
3. Go to Threat policies > Quarantine policies and click Add custom policy.
4. Give the policy a name under Policy name.
5. Under Recipient message access, select the type of access you want to allow recipients.
   
6. Under Quarantine notification, tick the Enable box to activate the notifications.
   
7. Under Summary, click Global Settings and select the interval for sending notifications under Send end-user spam notifications.
   
8. Go to Policies & rules again and click on Alert policy.

9. Customise the two policies Email messages containing malware removed after delivery and Email messages containing malicious URL removed after delivery as shown below:
   

   

In this way, the accounts stored as tenant administrators also receive a notification as soon as an email or its content has been removed due to malicious links or malware.