| For Customer Exchange Administrators |
Summary
Customers looking for best practices to adjust Microsoft Defender for Office 365 to keep ContactMonkey emails flowing internally can utilize this article to help their internal Office 365 Administration teams. Customers should always consider their security posture and business functionality requirements, as balancing these two is unique to each company. There is no one-size-fits-all solution.
This article intends to provide some starting information for administrators to investigate further. If administrators have questions, please get in touch with Microsoft by opening a ticket in your Microsoft Exchange or Defender portals, and a Microsoft representative can always assist.
Defender Policies
Microsoft Defender is Microsoft's security service for their Office/Microsoft 365 environment. It contains both default services for Exchange Online, such as the quarantine process, and additional paid services, such as advanced Endpoint protection.
Customers may have fewer or more options depending on their Microsoft Defender setup. Within the console, customers' administrators can find a variety of policies used to determine if emails may be subjected to quarantine. Microsoft explains the preset Security Policies and their function in the following documentation: Microsoft Preset Security Policies.
Custom Policy Adjustments
Once administrators know their company's security stance and policies, they should consider several points regarding ContactMonkey and the policy allow lists.
To ensure emails continue to arrive without interruption, Customer should consider their existing environment and look towards fine-tuning their policies around email quarantines. To ensure emails continue to be delivered and customers can see information about their campaigns, customers should look to allow the following.
For example, Microsoft Exchange administrators can adjust quarantine policies (requires administrator access) if they find too many emails are being flagged as phishing or spam.
Likewise, administrators may need to look to add some of ContactMonkey's endpoints to their allow lists (requires administrator access) or Safelinks policy (requires administrator access) if ContactMonkey trackers from internal emails are being flagged for possible malicious intent.
Microsoft Defender Threat Policies (requires administrator access)
For a list of ContactMonkey endpoints, please do not hesitate to contact Support or your Customer Success Manager for assistance.
Additional Adjustments
Customers wanting to learn more and discover additional areas that can be adjusted may also need to review the following documentation:
- Microsoft Zero Hour Auto Purge Policies
- Microsoft Quarantine Settings
- Microsoft Allow/Block URLs for Tenants [for Email at Scale Customers]
- Microsoft Threat Hunting
Post-Adjustment Testing
We advise customers to run tests in their environment after making their changes. Customer end users will want to attempt to send a campaign with all tracking turned on, and administrators may need to make further adjustments to find the proper adjustments to their security.
Since the security stance of each company differs depending on their industry, there is no one-size-fits-all solution. Administrators are encouraged to contact Microsoft directly through their Exchange Administration portal if they require further direction on making changes.