Office 365 ATP is a fantastic tool for protecting Office 365 users from threats such as spam, phishing and malicious content. As consultants, we find that the initial setup of these policies is often pretty similar from customer to customer, with some potential changes to granular items such as thresholds and actions.
Often a customer will look for a “best practice” implementation so they can assess without going into each configuration item and making a decision based on past experience with other products or gut feeling. “Should we send suspected phishing mails to junk or quarantine? What about high-confidence phishing?”
There is some guidance available from Microsoft for the initial setup in the documentation, and the Office 365 ATP Recommended Configuration Analyzer (ORCA) is great for assessing gaps from this perspective, but it still requires knowledge of the configuration and monitoring of any new features released or changes to recommendations.
The new Office 365 ATP Preset Security Policies option allows for a more ‘hands off’ approach of accepting best practices for ATP configuration. The policies allow for a selection of “Standard” and “Strict” protection of users and can be assigned to separate user groups. This gives organizations that want to be protected, but aren’t too concerned with understanding the “nuts and bolts” of it all, a nice option to deploy best practice protection to users rapidly.

While this is probably not a good option for a large enterprise looking to replace something like Mimecast, for SMEs the Presets should save time and effort in deploying some extremely powerful features to protect users.
The individual configuration items in these policies can be found in the Recommended settings for EOP and Office 365 ATP security documentation.