CONFIGURARE TENANT
Pasul 1 din 3
Informatii de baza
Date necesare pentru identificarea tenantului si aplicarea configuratiei.
Nume companie obligatoriu
Domeniu tenant obligatoriu
Domeniul principal Microsoft 365 al organizatiei.
Email administrator obligatoriu
Email notificari securitate obligatoriu
Adresa care primeste alertele de spam outbound si conturi blocate.
Aveti licenta Defender for Office 365 Plan 1 sau mai mare?
Politicile 1-7, 9, 12, 21-23, 25 necesita aceasta licenta.
Pasul 2 din 3
Politici de securitate
Selecteaza politicile pe care doresti sa le aplici. Apasa ? pentru detalii despre fiecare politica.
Legenda licente: Inclus inclus in M365 standard   Defender P1 necesita Defender for Office 365 Plan 1   E5 / P2 necesita licenta avansata   Manual nu se poate automatiza, doar informativ
Protectie Impersonation Defender P1 necesar
#1 Impersonation intelligence protection Defender P1
Activeaza protectia bazata pe machine learning pentru detectia utilizatorilor impersonati.
⚠ Necesita Defender for Office 365 Plan 1
#2 Move impersonated users to Junk (mailbox intelligence) Defender P1
Muta in Junk emailurile detectate ca impersonare de utilizator prin mailbox intelligence.
⚠ Necesita Defender for Office 365 Plan 1
#3 Enable impersonated domain protection Defender P1
Protejeaza impotriva emailurilor care imita domenii de incredere ale organizatiei.
⚠ Necesita Defender for Office 365 Plan 1
#4 Set phishing email level threshold at 2 or higher Defender P1
Seteaza pragul de agresivitate anti-phishing la nivel 2 (Aggressive) sau mai mare.
⚠ Necesita Defender for Office 365 Plan 1
#5 Enable impersonated user protection Defender P1
Protejeaza utilizatorii specificati (ex: CEO, CFO) impotriva emailurilor care le imita identitatea.
⚠ Necesita Defender for Office 365 Plan 1
#6 Quarantine messages from impersonated domains Defender P1
Pune in carantina (nu doar Junk) emailurile de la domenii impersonate.
⚠ Necesita Defender for Office 365 Plan 1
#7 Quarantine messages from impersonated users Defender P1
Pune in carantina emailurile de la utilizatori impersonati detectati de Defender.
⚠ Necesita Defender for Office 365 Plan 1
Defender Avansat Manual / Licenta extra
#8 Defender for Identity — Sensors on Domain Controllers Defender Identity
Instaleaza senzori pe Domain Controllers pentru detectia atacurilor on-premise.
⚠ Necesita Microsoft Defender for Identity — configurare manuala
#9 Defender for O365 in SharePoint, OneDrive & Teams Defender P1
Activeaza Safe Attachments si scanarea fisierelor in SharePoint, OneDrive si Teams.
⚠ Necesita Defender for Office 365 Plan 1
#10 Ensure DLP policies are enabled Manual / Purview
Politici de prevenire a pierderii datelor (Data Loss Prevention) — configurare specifica per organizatie.
⚠ Configurare manuala in Microsoft Purview — depinde de tipul de date al organizatiei
#12 Turn on Safe Documents for Office Clients Defender P1
Scaneaza documentele deschise in Protected View inainte de a permite iesirea din sandbox.
⚠ Necesita Defender for Office 365 Plan 1
Anti-Spam & Filtre Inclus in M365
#13 Restrict additional storage providers in OWA Inclus
Blocheaza conectarea la Google Drive, Dropbox, Box din Outlook Web App.
#14 Set action on high confidence spam detection → Quarantine Inclus
Emailurile clasificate cu incredere mare ca spam sunt puse in carantina, nu doar in Junk.
#15 Set action on phishing detection → Quarantine Inclus
Emailurile detectate ca phishing sunt puse in carantina cu politica DefaultFullAccessPolicy.
#16 Block all forms of mail forwarding Inclus
Blocheaza forwarding-ul automat catre domenii externe la nivel de organizatie si transport rule.
#17 Ensure MailTips are enabled for end users Inclus
Avertizeaza utilizatorii in Outlook la trimitere externa, grupuri mari sau destinatari inexistenti.
Prag audienta mare: destinatari
#18 Ensure Microsoft 365 audit log search is Enabled Inclus
Activeaza Unified Audit Log pentru Exchange, SharePoint, Teams, Azure AD. Poate dura 60 min.
#19 Ensure mailbox auditing for all users is Enabled Inclus
Inregistreaza actiunile din fiecare mailbox: login, stergere, acces delegat, mutare mesaje.
#20 Ensure users installing Outlook add-ins is not allowed Inclus
Impiedica utilizatorii sa instaleze add-in-uri Outlook neautorizate care pot exfiltra date.
Safety Tips (Impersonation) Defender P1 necesar
#21 Enable domain impersonation safety tip Defender P1
Afiseaza un banner de avertizare in Outlook cand un email vine de la un domeniu similar cu unul de incredere.
⚠ Necesita Defender for Office 365 Plan 1
#22 Enable user impersonation safety tip Defender P1
Afiseaza avertizare cand expeditorul seamana cu un utilizator intern (ex: CEO real vs CEO fals).
⚠ Necesita Defender for Office 365 Plan 1
#23 Enable unusual characters safety tip Defender P1
Detecteaza caractere unicode speciale folosite pentru a imita litere latine (ex: а vs a — chirilic vs latin).
⚠ Necesita Defender for Office 365 Plan 1
Notificari & Politici Inclus in M365
#24 Exchange Online Spam Policies — notify administrators Inclus
Trimite notificari administratorului cand un utilizator este blocat sau detectat ca spam outbound.
#25 Safe Links for Office Applications Defender P1
Rescrie si verifica in timp real link-urile din emailuri si documente Office inainte de acces.
⚠ Necesita Defender for Office 365 Plan 1
#26 Ensure that an anti-phishing policy has been created Inclus
Verifica si configureaza politica anti-phishing cu spoof intelligence si actiuni corecte.
Clasificare Date & Conformitate Manual / Purview
#29 Publish M365 sensitivity label data classification policies Manual / Purview
Creeaza si publica etichete de clasificare (Confidential, Internal, Public) in Microsoft Purview.
⚠ Configurare manuala in Microsoft Purview — specifica per organizatie
#33 Extend sensitivity labeling to Purview data map Purview / E5
Extinde etichetele de sensibilitate la activele din Microsoft Purview Data Map.
⚠ Necesita Microsoft Purview — configurare manuala avansata
#34 Ensure the Customer Lockbox feature is enabled E5 / Office 365 E3+
Impune aprobarea explicita a adminului inainte ca Microsoft sa poata accesa datele tenantului.
⚠ Necesita Office 365 E3+ sau Microsoft 365 E5
#35 Ensure Auto-labeling data classification policies are used Purview / E5
Aplica automat etichete de sensibilitate pe documente si emailuri bazat pe continut (ex: CNP, IBAN).
⚠ Necesita Microsoft Purview — configurare manuala avansata
Spam Avansat Inclus in M365
#36 Retain spam in quarantine for 30 days Inclus
Pastreaza emailurile in carantina 30 de zile (default: 15 zile) pentru investigatii si recuperare.
#37 Set email Bulk Complaint Level (BCL) threshold ≤ 6 Inclus
Reduce pragul BCL pentru a filtra mai agresiv emailurile de tip bulk/newsletter neanuntate.
Prag BCL: (1-9, recomandat ≤6)
#38 Block users who reached the message limit Inclus
Blocheaza automat conturile care depasesc limitele de trimitere setate in politica outbound.
Externe/ora: Interne/ora: Zilnic:
Pasul 3 din 3
Confirmare
Verifica configuratia inainte de trimitere.
Configuratie trimisa!
Echipa noastra a primit configuratia si o va aplica in cel mai scurt timp.