Email is the #1 attack vector — and Microsoft 365 admins are on the front lines. If you’re not actively configuring and reviewing your email security settings, your organization could be at risk from phishing, spoofing, spam, and malware.
In this article, we walk through must-do email security configurations every Microsoft 365 admin should review and enable to safeguard their environment.
1. Enable DKIM and DMARC for Your Domain
Why it matters: DKIM and DMARC help verify your domain identity and prevent spoofing attempts.
How to do it:
- Go to Microsoft 365 Defender > Email & Collaboration > Policies & Rules > Threat policies.
- Set up DKIM for each custom domain.
- Add DMARC DNS records (v=DMARC1; p=quarantine; rua=...).
2. Configure Anti-Phishing Policies
Phishing is still one of the most effective attack methods.
To create or review policies:
- Go to Microsoft 365 Defender Portal > Policies & rules > Threat policies > Anti-phishing.
- Turn on impersonation protection.
- Add executives and key employees as protected users.
3. Set Up SPF Records Correctly
SPF (Sender Policy Framework) validates authorized sending sources.
Example:
v=spf1 include:spf.protection.outlook.com -all
4. Block Auto-forwarding
Attackers often auto-forward emails to external inboxes to exfiltrate data.
Disable auto-forwarding:
- Go to Exchange Admin Center > Mail Flow > Remote domains.
- Set “Allow automatic forwarding” to Off.
5. Enable Safe Links & Safe Attachments
These Microsoft Defender features inspect attachments and rewrite and check URLs before delivery.
- Go to Microsoft 365 Defender > Policies & Rules > Safe Links / Safe Attachments.
- Enable real-time scanning and URL rewriting.
6. Monitor the Threat Explorer
Use Threat Explorer to monitor trends in spam, phishing, and malware.
Navigate to:
- Microsoft 365 Defender > Email & Collaboration > Explorer (or Real-time detections).
- Filter by delivery status or threats to take quick action.
7. Review Quarantine Policies
Customize how quarantine works — who gets notifications, when, and what actions are allowed.
Check:
- Quarantine policies (set user notification frequency).
- End-user access to review or release emails.
8. Use Mail Flow Rules for Extra Control
Use transport rules to:
- Add warnings for external senders.
- Block risky attachments (e.g., .exe, .js).
- Redirect emails with sensitive keywords.
9. Enable Audit Logging
Without audit logging, you’ll have no trace of email actions or security changes.
- Go to Microsoft Purview > Audit.
- Ensure Unified Audit Log is enabled.
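A read-only audit of the settings from sections 1, 3, 4, 5 and 9 through Exchange Online PowerShell, added here as an example and not taken from the original article. It assumes the ExchangeOnlineManagement module is installed, an account with read access to Exchange Online, and a Windows host where Resolve-DnsName can query public DNS; it reports findings and changes nothing.

```powershell
# Added example (not from the article): report email security settings that differ from the guidance above.
# Assumes ExchangeOnlineManagement is installed and the signed-in account can read Exchange Online config.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$findings = [System.Collections.Generic.List[string]]::new()

# Section 1: DKIM signing should be enabled for every custom domain
Get-DkimSigningConfig | Where-Object { -not $_.Enabled } | ForEach-Object {
    $findings.Add("DKIM signing disabled for $($_.Domain)")
}

# Sections 1 and 3: inspect the published SPF and DMARC TXT records for each accepted domain
function Get-TxtRecords([string]$Name) {
    # Join multi-string TXT records so long SPF records are evaluated as one string
    Resolve-DnsName -Name $Name -Type TXT -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'TXT' } | ForEach-Object { $_.Strings -join '' }
}
Get-AcceptedDomain | ForEach-Object {
    $domain = $_.DomainName
    $spf = Get-TxtRecords $domain | Where-Object { $_ -like 'v=spf1*' }
    if (-not $spf) { $findings.Add("No SPF record for $domain") }
    elseif ($spf -notlike '*-all') { $findings.Add("SPF for $domain does not end in -all: $spf") }

    $dmarc = Get-TxtRecords "_dmarc.$domain" | Where-Object { $_ -like 'v=DMARC1*' }
    if (-not $dmarc) { $findings.Add("No DMARC record for $domain") }
    elseif ($dmarc -match 'p=none') { $findings.Add("DMARC for $domain is monitor-only (p=none): $dmarc") }
}

# Section 4: remote domains should not allow automatic forwarding
Get-RemoteDomain | Where-Object { $_.AutoForwardEnabled } | ForEach-Object {
    $findings.Add("Automatic forwarding allowed to remote domain $($_.DomainName)")
}

# Section 5: Safe Links and Safe Attachments policies should be enabled (requires Defender for Office 365)
Get-SafeLinksPolicy -ErrorAction SilentlyContinue | Where-Object { -not $_.EnableSafeLinksForEmail } |
    ForEach-Object { $findings.Add("Safe Links for email disabled in policy $($_.Name)") }
Get-SafeAttachmentPolicy -ErrorAction SilentlyContinue | Where-Object { -not $_.Enable } |
    ForEach-Object { $findings.Add("Safe Attachments disabled in policy $($_.Name)") }

# Section 9: unified audit log ingestion must be on, or there is no trail of admin and mailbox actions
if (-not (Get-AdminAuditLogConfig).UnifiedAuditLogIngestionEnabled) {
    $findings.Add("Unified audit log is not enabled")
}

if ($findings.Count -eq 0) { Write-Host "No findings." } else { $findings | ForEach-Object { Write-Warning $_ } }
Disconnect-ExchangeOnline -Confirm:$false
```

Anti-phishing protected users (section 2) are not covered here; extend it with Get-AntiPhishPolicy if you want the same report for impersonation protection.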
10. Leverage Microsoft Secure Score
Secure Score offers a personalized action plan for your tenant. Visit: security.microsoft.com/securescore
Prioritize recommended actions around email & identity.
Final Thoughts
Securing Microsoft 365 email isn’t just about spam filters. It’s about actively managing risk, monitoring threats, and enforcing controls.
Want help auditing or securing your Microsoft 365 environment?
Contact Techatix — your trusted Microsoft 365 experts.