Defender for O365: Preset vs Custom
No-Faffing Managed IT Support & Cyber Security Support. Made in Yorkshire, built for the UK.
Microsoft expert: Defender for Office presets or manual in admin portal, MSP guide to save time and boost security
Key insights
- Preset Security Policies: Microsoft provides predefined profiles — Standard, Strict, and Built-in protection — that package anti-phishing, anti-spam, anti-malware, Safe Attachments and Safe Links settings.
Use these to assign consistent protection levels to users without building each rule yourself. - Auto-updates and Microsoft-managed maintenance: Microsoft can update preset settings as threats change so the policy posture stays current.
This reduces the need for constant manual tuning across many tenants. - Faster deployment and lower complexity: Presets deploy in minutes and cut the number of individual policy objects you must manage.
They also reduce configuration drift and make repeatable setups easier for MSPs and busy admins. - Policy precedence — the main limitation: Presets can take precedence over some custom or legacy rules and they don’t offer every granular control.
If you need very specific exceptions or unique routing logic, a preset may not be enough. - Manual configuration when needed: Manual policies give full granularity but carry a hidden maintenance burden of ongoing testing, updates and rule precedence management.
Expect more time for design, validation and long-term upkeep when you go manual. - Recommendation and practical steps: For about 95% of clients, use presets as the default and apply Strict to high-value accounts (execs, finance, admins).
After assigning presets, run the Config Analyzer or review differences and only create manual policies for clear, documented needs.
Video summary and context
Jonathan Edwards' recent YouTube video examines the practical choice many admins face when protecting Microsoft 365 tenants: use Preset Security Policies or build a full manual configuration in Defender for Office 365. He frames the decision as a tradeoff between a quick, Microsoft-managed setup and a time-consuming, highly tailored approach that can take days or a weekend to get right. The video targets both single-tenant IT teams and managed service providers, and Edwards aims to help them save time while improving security posture.
How Preset Security Policies work
Edwards explains that presets bundle Microsoft’s recommended settings for anti-phishing, anti-spam, anti-malware, Safe Attachments, and Safe Links into profiles labeled Standard, Strict, and Built-in protection. Microsoft manages and updates these presets, which means the vendor can adjust settings as threats evolve, reducing the burden on administrators. The preset model also enforces a clear precedence: presets can override many custom or legacy policies, so administrators need to understand which objects will take effect.
Advantages: speed, consistency, and reduced drift
According to the video, the main advantages of presets are speed and consistency; admins can deploy a protection baseline across many tenants in minutes rather than hours or days. For MSPs managing dozens of clients, Edwards calls presets “a gift” because they reduce configuration drift and make it easier to maintain the same baseline for standard users and more aggressive protection for executives. He also highlights that Microsoft’s automated updates help keep policies aligned with current threat intelligence without continuous manual tuning.
Tradeoffs and the key limitation
However, Edwards warns that presets come with tradeoffs: you lose some fine-grained control and may face unexpected precedence behavior when mixing presets with custom policies. The single limitation he stresses is that presets are not designed to cover every unique business rule, and in some edge cases they can override or conflict with carefully crafted custom settings. Therefore, organizations that require highly specific routing, compliance exceptions, or unique mailbox behaviors will still need manual configuration and careful testing.
When manual configuration makes sense
Edwards outlines scenarios where manual policies are the right choice: high-risk targets like finance leaders, complex regulatory requirements, or environments that use unusual mail routing or third-party email gateways. Manual setup gives precise control over each protection component, but it also introduces a significant maintenance burden because someone must track threat changes, tune rules to reduce false positives, and update documentation. He emphasizes that manual policy work is not a one-time task; it requires periodic review and testing to remain effective.
Maintenance challenges and operational cost
The video spends a notable portion on the hidden costs: manual policies demand ongoing attention, which translates to staff time and the risk of misconfiguration when engineers hand off tenants. Edwards points out that small differences between tenants often lead to bespoke rules that are hard to scale, increasing administrative overhead and the chance of mistakes. In contrast, presets reduce that operational cost but may not meet strict, unusual, or highly regulated needs.
Practical recommendation for MSPs and admins
Edwards recommends a pragmatic hybrid approach for most organisations: adopt Preset Security Policies for the majority of users to gain rapid, vendor-maintained security, and reserve manual policies for the small fraction of accounts that truly need extra protection. He claims that about 95% of clients do not require custom settings, which suggests MSPs can deliver a secure service faster by standardising around presets and documenting exceptions. In addition, Edwards advises running Microsoft’s Config Analyzer or similar checks after assignment to highlight gaps or conflicting legacy settings.
Balancing control and efficiency
Ultimately, the video frames the decision as a balance between control and efficiency: presets minimize effort and keep you current with Microsoft-recommended settings, while manual policies maximize control at the cost of time and complexity. Edwards recommends that teams think in terms of risk tiers and operational capacity: use stricter presets for high-value targets and manual rules only where business needs justify the ongoing cost. This approach helps teams scale protections without drowning in policy management.
Takeaway for readers and administrators
In short, Jonathan Edwards' video provides a clear, practical guide: choose Preset Security Policies for broad, maintainable coverage, and use manual policies selectively when specific business rules demand them. He stresses testing and periodic review either way, because security effectiveness depends on correct configuration and timely adjustments. For MSPs and IT admins aiming to get secure quickly while retaining the option to customize, the video offers a concise framework to weigh speed against granular control.
Keywords
Defender for Office 365 preset policies, manual configuration Defender for Office 365, Microsoft Defender for Office 365 best practices, Office 365 security policy management, preset vs custom policies Office 365, Defender for Office 365 automation, secure Office 365 configuration, email protection Microsoft 365