Why Default Settings Are Not Enough
Out of the box, Microsoft 365 catches most obvious spam but leaves gaps. Properly tuned policies significantly reduce phishing, spoofing, and business email compromise attempts.
Layer 1: Email Authentication (Do This First)
Before tuning filters, confirm these DNS records are in place:
| Record | Purpose |
|---|---|
| SPF | Authorises sending servers |
| DKIM | Cryptographic email signing |
| DMARC | Policy enforcement on SPF and DKIM failures |
Without DMARC at least p=quarantine, spoofed emails from your own domain can still reach inboxes.
Layer 2: Anti-Spam Policy Tuning
In Microsoft Defender > Email and Collaboration > Policies > Anti-Spam:
- Bulk email threshold: Lower from default 7 to 5 for stricter filtering
- Spam action: Move to Junk folder (or quarantine for tighter control)
- High-confidence spam: Quarantine
- Phishing: Quarantine
- High-confidence phishing: Quarantine and notify admin
Layer 3: Anti-Phishing Policy
- Enable impersonation protection for key executives
- Add your domain and executive names to monitored senders
- Enable mailbox intelligence
- Set spoofed sender action to quarantine
Layer 4: Safe Links and Safe Attachments
- Enable Safe Links for all users — rewrites URLs and checks on click
- Enable Safe Attachments — detonates attachments in sandbox before delivery
- Both require Microsoft Defender for Office 365 Plan 1 or higher
Quarantine Review Routine
- Assign a staff member to review quarantine weekly
- Release false positives and add to safe sender list
- Report false negatives (spam that got through) to Microsoft
*Related: Managed IT Services Dubai | Networking and Security Dubai*
Tags
Microsoft 365Anti-SpamEmail SecurityHow-ToCybersecurity
SAS IT Services — Dubai
Need expert IT support?
Our certified engineers cover all of Dubai & UAE with same-day response and 24/7 support contracts.