Skip to main content

Recommended settings for Microsoft 365

ivan@ivancarlos.com.br
Updated

Below are the recommended settings for Microsoft 365:

User submission settings: https://security.microsoft.com/securitysettings/userSubmission

  • Outlook:
    • Enable "Monitor reported messages in Outlook" > "Use the built-in report button in Outlook"
    • Enable "Show a success message..."

Microsoft Teams:

  • Enable "Monitor reported messages in Microsoft Teams"

Destination of reported messages:

  • Enable "Microsoft only"

Email notifications

  • Enable "Automatically send email..."
    • Enable "Phishing or Malware"
    • Enable "Spam"
    • Enable "No threats found"

Customize sender and branding

  • Disable the option "Specify a Microsoft 365 mailbox..."
  • Enable the option "Replace Microsoft logo..."

Quarantine reports

  • Enable "Allow reporting of quarantined messages..."

Two-step verification requirement for tenant portals: https://entra.microsoft.com/#view/Microsoft_Azure_Resources/MfaSettings.ReactView

  • Check if in Multifactor Authentication, the "Enforcement status" option is "Enforced". If not, set a date to enable the setting or select "Enable enforcement now". 

Two-step verification requirement for users (for tenants without federated authentication): https://entra.microsoft.com/#view/Microsoft_AAD_IAM/TenantOverview.ReactView/initialValue//tabId//recommendationResourceId//fromNav/Identity

  • In the Tenant Properties tab, if the organization is not protected by "security defaults", select "Manage security defaults", option "Enabled", button "Save".

Third-party application consent and access permission: https://entra.microsoft.com/#view/Microsoft_AAD_IAM/ConsentPoliciesMenuBlade

  • Consent and permissions | User consent settings
    • Select "Allow user consent for apps from verified publishers, for selected permissions"
  • Consent and permissions | Admin consent settings
  • Select the users, groups, and roles that will review the requests
  • Select Yes for "Selected users will receive email notifications for requests​"
  • Select Yes for "Selected users will receive request expiration reminders​"
  • A reasonable date of 30 days for "Consent request expires after (days)​"

Consent and permissions | Permission classifications

  • Select the permissions in the Low tab that users can grant without approval:
    • Select User.Read, offline_access, openid, profile, email and confirm with Yes, add selected permissions

License request and approval workflow: https://admin.cloud.microsoft/?#/licenses/requestspage

  • It is recommended to enable your third-party license request system, if you have one. In the case of Ivan Carlos Consultoria, we use the following form: https://icc.gg/licencas
    • Access the configuration menu through the link "Connect your request process"
    • Enable the option "Use my organization's request process"
    • Fill in the "Message" field as you prefer, such as Solicite seu acesso utilizando o processo de solicitação e aprovação
    • Fill in the Link to documentation field as appropriate, such as https://icc.gg/licencas

Teams recording settings: Meeting settings - Microsoft Teams admin center

  • Content sharing section:

  • Recording & transcription section:

Organization settings / Security and privacy, Organization profile:

  • Security and privacy: Settings - Microsoft 365 admin center
    • Sharing: Usually there are no issues allowing users to add new guests
    • Privacy profile: It is important to add the link and contact email related to the privacy policy
    • Password expiration policy: Best practices recommend setting passwords to never expire
    • Self-service password reset; usually users are allowed to reset their own passwords
  • Organization profile: Settings - Microsoft 365 admin center
    • Send email notifications from your domain: It is recommended not to enable this option to ensure message delivery
    • Organization information: It is important to validate company information, company name, and technical contact
    • Technical support information: You can add information so that the end user can contact the company's official technical support
    • Data location: You can check where the data for each service is stored
    • Organization profile > Custom themes: You can add a logo and corporate website URL in this option 

 

Was this article helpful?

0 out of 0 found this helpful
Return to top

Related articles