Skip to content

Commit

Permalink
Update recommended-settings-for-eop-and-office365.md
Browse files Browse the repository at this point in the history 
Reading through this, setting a notification address for Default Outbound Spam policy recommends not configured because of Alert policy. However, as of 1/13/25, this is enabled on our tenant, and SecureScore is asking for it to be configured. Not sure how to link to a specific SS entry, but the title is "Ensure Exchange Online Spam Policies are set to notify administrators"

Implementation tasks, copied: 

Check Send a copy of outbound messages that exceed these limits to these users and groups then enter the desired email addresses.
Check Notify these users and groups if a sender is blocked due to sending outbound spam then enter the desired email addresses.
  • Loading branch information
@Yebbenbe
Yebbenbe authored Jan 13, 2025
1 parent db8cdd5 commit 8b71ac4
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions defender-office-365/recommended-settings-for-eop-and-office365.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -170,8 +170,8 @@ For more information about the default sending limits in the service, see [Sendi
|**Set a daily message limit** (_RecipientLimitPerDay_)|0|1000|800|The default value 0 means use the service defaults.|
|**Restriction placed on users who reach the message limit** (_ActionWhenThresholdReached_)|**Restrict the user from sending mail until the following day** (`BlockUserForToday`)|**Restrict the user from sending mail** (`BlockUser`)|**Restrict the user from sending mail** (`BlockUser`)||
|**Automatic forwarding rules** (_AutoForwardingMode_)|**Automatic - System-controlled** (`Automatic`)|**Automatic - System-controlled** (`Automatic`)|**Automatic - System-controlled** (`Automatic`)|
|**Send a copy of outbound messages that exceed these limits to these users and groups** (_BccSuspiciousOutboundMail_ and _BccSuspiciousOutboundAdditionalRecipients_)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|We have no specific recommendation for this setting. <br><br> This setting works only in the default outbound spam policy. It doesn't work in custom outbound spam policies that you create.|
|**Notify these users and groups if a sender is blocked due to sending outbound spam** (_NotifyOutboundSpam_ and _NotifyOutboundSpamRecipients_)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|The default [alert policy](/purview/alert-policies#threat-management-alert-policies) named **User restricted from sending email** already sends email notifications to members of the **TenantAdmins** group (**Global Administrator** members) when users are blocked due to exceeding the limits in policy. **We strongly recommend that you use the alert policy rather than this setting in the outbound spam policy to notify admins and other users**. For instructions, see [Verify the alert settings for restricted users](outbound-spam-restore-restricted-users.md#verify-the-alert-settings-for-restricted-users).|
|**Send a copy of outbound messages that exceed these limits to these users and groups** (_BccSuspiciousOutboundMail_ and _BccSuspiciousOutboundAdditionalRecipients_)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|Microsoft SecureScore now recommends this be configured, in the recommendation "Ensure Exchange Online Spam Policies are set to notify administrators". <br><br> This setting works only in the default outbound spam policy. It doesn't work in custom outbound spam policies that you create.|
|**Notify these users and groups if a sender is blocked due to sending outbound spam** (_NotifyOutboundSpam_ and _NotifyOutboundSpamRecipients_)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|Not selected (`$false` and Blank)|The default [alert policy](/purview/alert-policies#threat-management-alert-policies) named **User restricted from sending email** already sends email notifications to members of the **TenantAdmins** group (**Global Administrator** members) when users are blocked due to exceeding the limits in policy. Microsoft SecureScore now recommends this be configured. For instructions, see [Verify the alert settings for restricted users](outbound-spam-restore-restricted-users.md#verify-the-alert-settings-for-restricted-users).|

### EOP anti-phishing policy settings

Expand Down

0 comments on commit 8b71ac4

Please sign in to comment.