Security Baselines
Apply and monitor Microsoft-recommended security baselines for Exchange Online Protection and Microsoft Defender for Office 365. Security baselines provide preset configurations that align with Microsoft best practices for email security.
Note: Microsoft provides Standard and Strict preset security policies that serve as recommended baselines. These presets configure anti-spam, anti-phishing, anti-malware, and Safe Links/Safe Attachments settings.
Preset Security Policies
Standard Protection
Balanced security that works for most organizations:
- Anti-spam: Move spam to Junk, quarantine high-confidence spam
- Anti-phishing: Spoof protection enabled, impersonation detection on
- Anti-malware: Common attachment filter enabled, ZAP enabled
- Safe Links: URL scanning enabled, click tracking on
- Safe Attachments: Dynamic Delivery mode
Strict Protection
Maximum security for high-risk users or sensitive roles:
- Anti-spam: Quarantine all spam and phishing
- Anti-phishing: All impersonation protections at maximum sensitivity
- Anti-malware: All file types blocked, aggressive scanning
- Safe Links: Block click-through on malicious URLs
- Safe Attachments: Block mode for all detections
Baseline Comparison
| Setting | Standard | Strict |
|---|---|---|
| Spam action | Move to Junk | Quarantine |
| High confidence spam | Quarantine | Quarantine |
| Phishing action | Quarantine | Quarantine |
| Bulk threshold | BCL 6 | BCL 5 |
| Safe Links scanning | Enabled | Enabled |
| Click through | Allowed with warning | Blocked |
| Safe Attachments mode | Dynamic Delivery | Block |
| Impersonation protection | Enabled | Enabled (strict) |
Compliance Score
Track how your configuration aligns with the recommended baseline:
- Fully compliant — All settings match the recommended baseline
- Partially compliant — Some settings deviate from baseline
- Non-compliant — Critical settings do not match baseline
Applying Baselines
- Review current configuration — Compare existing settings against the baseline.
- Identify gaps — Note settings that deviate from recommendations.
- Apply preset policy — Enable Standard or Strict preset for target users.
- Monitor impact — Watch for false positives or user complaints after applying.
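The first two steps above (compare, then identify gaps) can be scripted against the Baseline Comparison table. The following is an added example, not code from this product: the setting keys, the weakest-to-strongest ordering of values, the choice of critical settings, and the sample configuration are all assumptions made for illustration and do not reflect the response schema of the API listed below.

```python
# Added example: gap analysis against the Baseline Comparison table.
# Keys, value orderings and CRITICAL are assumptions, not the product's schema.

# Allowed values per setting, ordered weakest to strongest (assumed ordering).
STRENGTH = {
    "spam_action": ["Move to Junk", "Quarantine"],
    "high_confidence_spam": ["Move to Junk", "Quarantine"],
    "phishing_action": ["Move to Junk", "Quarantine"],
    "bulk_threshold": [9, 8, 7, 6, 5, 4, 3, 2, 1],  # lower BCL filters more mail
    "safe_links_scanning": ["Disabled", "Enabled"],
    "click_through": ["Allowed", "Allowed with warning", "Blocked"],
    "safe_attachments_mode": ["Off", "Dynamic Delivery", "Block"],
    "impersonation_protection": ["Disabled", "Enabled", "Enabled (strict)"],
}
# Baseline values copied from the comparison table, in STRENGTH key order.
BASELINES = {
    "standard": dict(zip(STRENGTH, ["Move to Junk", "Quarantine", "Quarantine", 6,
                                    "Enabled", "Allowed with warning",
                                    "Dynamic Delivery", "Enabled"])),
    "strict": dict(zip(STRENGTH, ["Quarantine", "Quarantine", "Quarantine", 5,
                                  "Enabled", "Blocked", "Block", "Enabled (strict)"])),
}
# Assumption: which deviations count as "critical" is a local policy decision.
CRITICAL = {"phishing_action", "safe_links_scanning", "safe_attachments_mode"}

def find_gaps(current, preset):
    """Return {setting: (actual, expected, direction)} for every deviation."""
    gaps = {}
    for name, expected in BASELINES[preset].items():
        actual = current.get(name)
        if actual == expected:
            continue
        order = STRENGTH[name]
        if actual not in order:  # setting absent or value not recognised
            gaps[name] = (actual, expected, "missing")
        else:
            weaker = order.index(actual) < order.index(expected)
            gaps[name] = (actual, expected, "weaker" if weaker else "stricter")
    return gaps

def compliance_status(gaps):
    """Map deviations onto the three compliance states used on this page."""
    if not gaps:
        return "Fully compliant"
    return "Non-compliant" if CRITICAL & gaps.keys() else "Partially compliant"

# Constructed sample configuration (not real tenant data).
SAMPLE = dict(BASELINES["standard"], bulk_threshold=7, safe_attachments_mode="Off")

if __name__ == "__main__":
    for preset in BASELINES:
        gaps = find_gaps(SAMPLE, preset)
        print(preset, compliance_status(gaps), gaps)
```

Reporting the direction of each deviation separates settings that are weaker than the baseline from ones an administrator has deliberately tightened, which helps when deciding whether re-applying a preset would loosen anything.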
Best Practices
- Start with Standard — Apply Standard preset to all users as a baseline.
- Use Strict for executives — Apply Strict preset to high-value targets.
- Monitor after changes — Review quarantine and user feedback after applying baselines.
- Review quarterly — Baselines are updated by Microsoft. Review and re-apply as needed.
API Reference
| Method | Endpoint | Description |
|---|---|---|
| GET | /api/exchange/security-baselines | Get current baseline compliance status |
| GET | /api/exchange/security-baselines/comparison | Compare current settings to recommended baseline |
| POST | /api/exchange/security-baselines/apply | Apply preset security policy |
| GET | /api/exchange/security-baselines/score | Get security compliance score |