The Complete Guide to Defender for Office 365: Protect Email and Files

Last updated: 03/10/2025
Author: Isaac
  • Email authentication with SPF, DKIM, DMARC, and ARC to stop spoofing at the source.
  • Standard/Strict policies with clear precedence and minimal tuning for maximum effectiveness.
  • Safe Links/Attachments, user reporting, and AIR for fast detection and response.

Security in Microsoft Defender for Office 365

If you use Microsoft 365, your email and files are a prime target for attackers, so it pays to take security seriously. Microsoft Defender for Office 365 adds key layers of protection on top of Exchange Online Protection, inspecting messages, links, attachments, and collaboration in OneDrive, SharePoint, and Teams.

In this practical guide you will find a complete, actionable walkthrough: from email authentication (SPF, DKIM, DMARC) and the preset Standard/Strict policies to prioritizing accounts, receiving user reports, managing allow/block lists, launching phishing simulations, and responding to incidents. You will also look at licensing, privacy, data retention, and tricks to improve results without going overboard, such as preventing Microsoft Defender from blocking safe files.

Key requirements and permissions

By default, Microsoft 365 already puts basic mail protections in place with EOP, but Defender for Office 365 extends that protection with advanced capabilities. To configure it properly, you will need the appropriate permissions.

The simplest way to delegate is to assign the Security Administrator role in Microsoft Entra to those who will manage Defender for Office 365. If you prefer finer-grained permissions, you can use Exchange Online permissions or the specific Email & Collaboration permissions in the Defender portal, but avoid handing the Global Administrator role to everyone and follow the principle of least privilege.

Step 1: Configure email authentication (SPF, DKIM, DMARC, and ARC)

Before thinking about spam or malware, it is time to protect the origin. Email authentication verifies that messages are legitimate and have not been tampered with. You should apply these standards, in this order, to every custom domain that sends email from Microsoft 365.

  • SPF (TXT): States which hosts are allowed to send on behalf of your domain. Publish a correct SPF record to prevent impersonation and improve deliverability.
  • DKIM: An outbound signature that travels in the header and survives forwarding. Enable it for your domains and use the CNAME keys that Microsoft 365 provides.
  • DMARC: Indicates what to do when SPF/DKIM fail. Include the policy p=reject or p=quarantine and the recipients for aggregate and forensic reports, so destination servers know what to expect.
  • ARC: If an intermediary service modifies inbound messages, register it as a trusted ARC sealer to preserve traceability and ensure that origin authentication is not broken.

If you use the '*.onmicrosoft.com' domain as your email source, part of the work is already done. SPF and DKIM are configured by default, but you will need to create the DMARC record for that domain if you use it for sending.
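
To check the result of Step 1, the following added example (not part of the original guide) grades the SPF and DMARC TXT strings of a domain against the points listed above. The function name Test-MailAuthRecord, the domains and the sample records are constructed for illustration; SPF redirect= records are not handled.

```powershell
# Added example (not from the original guide): grade SPF and DMARC TXT strings.
function Test-MailAuthRecord {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [string[]] $SpfTxt = @(),    # TXT strings published at the domain itself
        [string[]] $DmarcTxt = @()   # TXT strings published at _dmarc.<domain>
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    # SPF: exactly one v=spf1 record that ends in -all or ~all.
    $spf = @($SpfTxt | Where-Object { $_ -match '^v=spf1(\s|$)' })
    if ($spf.Count -ne 1) {
        $findings.Add("SPF: expected one v=spf1 record, found $($spf.Count)")
    } else {
        if ($spf[0] -notmatch '\s[-~]all\s*$') {
            $findings.Add('SPF: record does not end in -all or ~all')
        }
        if ($spf[0] -notmatch '\sinclude:spf\.protection\.outlook\.com(\s|$)') {
            $findings.Add('SPF: Microsoft 365 include is missing')
        }
    }

    # DMARC: one v=DMARC1 record, an enforcing policy, an aggregate report address.
    $dmarc = @($DmarcTxt | Where-Object { $_ -match '^v=DMARC1\s*;' })
    $policy = $null
    if ($dmarc.Count -ne 1) {
        $findings.Add("DMARC: expected one v=DMARC1 record, found $($dmarc.Count)")
    } else {
        $tags = @{}
        foreach ($pair in ($dmarc[0] -split ';')) {
            $name, $value = $pair -split '=', 2
            if ($value) { $tags[$name.Trim().ToLower()] = $value.Trim() }
        }
        $policy = $tags['p']
        if ($policy -notin 'quarantine', 'reject') {
            $findings.Add("DMARC: p=$policy is not an enforcing policy")
        }
        if (-not $tags.ContainsKey('rua')) {
            $findings.Add('DMARC: no rua= address for aggregate reports')
        }
    }
    [pscustomobject]@{
        Domain = $Domain; DmarcPolicy = $policy
        Pass = ($findings.Count -eq 0); Findings = $findings.ToArray()
    }
}

# Constructed sample records; with live DNS on Windows the strings would come from
# (Resolve-DnsName -Name "_dmarc.$Domain" -Type TXT).Strings
Test-MailAuthRecord -Domain 'good.example' `
    -SpfTxt 'v=spf1 include:spf.protection.outlook.com -all' `
    -DmarcTxt 'v=DMARC1; p=reject; rua=mailto:dmarc-reports@good.example'
Test-MailAuthRecord -Domain 'weak.example' `
    -SpfTxt 'v=spf1 include:spf.protection.outlook.com ?all' `
    -DmarcTxt 'v=DMARC1; p=none'
```

The second sample fails on three counts: the neutral ?all qualifier, the monitoring-only p=none policy, and the missing aggregate report address.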

Step 2: Threat policies and how they apply

There are three conceptual layers in Defender for Office 365: default policies, preset security policies, and custom policies. Understanding the differences and the precedence saves you a lot of trouble.

Types of policies available

  • Default policies: They exist from the moment you create the tenant, always apply to all recipients, and you cannot change their scope (you can change their settings in some cases). They are your safety net.
  • Preset security policies: Locked-down profiles with Microsoft best practices, in two flavors: Standard and Strict. Built-in protection for links and attachments is enabled by default; for Standard/Strict, you must enable them and define recipients and exceptions.
  • Custom policies: When you need specific settings (language/country blocking, custom quarantines, custom notifications), create as many as you need and assign conditions by users, groups, or domains.

Presets evolve automatically: when Microsoft strengthens a recommendation, the profile is updated and you benefit without touching anything. In Standard and Strict, you can only adjust the user and domain impersonation entries and exceptions; everything else is set to the recommended level.

Order of precedence

When a message or item is evaluated, the first applicable policy is the one that governs, and the rest are no longer considered. In general, the order is:

  1. Preset security policies: first Strict, then Standard.
  2. Custom policies for that feature, ordered by priority (0, 1, 2…).
  3. Default policy (or built-in protection in the case of Safe Links/Attachments).

To avoid surprising overlaps, use different target groups at each level and add exceptions in Strict/Standard for the users you will cover with custom policies. Anyone who does not fall into the higher levels is protected by the default policy or built-in protection.
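
The first-match-wins order above can be modelled to find overlaps before they surprise you. This added example (not from the original guide, and not a Defender cmdlet) simplifies assignment to explicit recipient addresses; the function names, policy names and contoso.example addresses are constructed.

```powershell
# Added example: model the precedence order and report shadowed assignments.
function Resolve-EffectivePolicy {
    param(
        [Parameter(Mandatory)] [string] $Recipient,
        [Parameter(Mandatory)] [object[]] $Policies
    )
    # Tier order from the guide: Strict, Standard, custom (by priority), default.
    $tierRank = @{ Strict = 0; Standard = 1; Custom = 2; Default = 3 }
    $ordered = $Policies | Sort-Object { $tierRank[$_.Tier] }, { $_.Priority }
    foreach ($p in $ordered) {
        # The default tier applies to everyone; other tiers need an explicit include.
        $included = ($p.Tier -eq 'Default') -or ($p.Include -contains $Recipient)
        $excluded = $p.Exclude -contains $Recipient
        if ($included -and -not $excluded) { return $p }   # first match wins
    }
}

function Get-ShadowedAssignment {
    param([Parameter(Mandatory)] [object[]] $Policies)
    # A recipient listed in a policy that never reaches them is a shadowed assignment.
    foreach ($p in $Policies) {
        foreach ($r in $p.Include) {
            if ($p.Exclude -contains $r) { continue }
            $winner = Resolve-EffectivePolicy -Recipient $r -Policies $Policies
            if ($winner.Name -ne $p.Name) {
                [pscustomobject]@{ Recipient = $r; Intended = $p.Name; Effective = $winner.Name }
            }
        }
    }
}

# Constructed sample assignments.
$policies = @(
    [pscustomobject]@{ Name = 'Strict preset'; Tier = 'Strict'; Priority = 0
        Include = @('cfo@contoso.example'); Exclude = @() }
    [pscustomobject]@{ Name = 'Standard preset'; Tier = 'Standard'; Priority = 0
        Include = @('cfo@contoso.example', 'ana@contoso.example', 'lab@contoso.example')
        Exclude = @('lab@contoso.example') }
    [pscustomobject]@{ Name = 'Custom: finance'; Tier = 'Custom'; Priority = 0
        Include = @('ana@contoso.example'); Exclude = @() }
    [pscustomobject]@{ Name = 'Custom: lab'; Tier = 'Custom'; Priority = 1
        Include = @('lab@contoso.example'); Exclude = @() }
    [pscustomobject]@{ Name = 'Default'; Tier = 'Default'; Priority = 0
        Include = @(); Exclude = @() }
)

'cfo@contoso.example', 'ana@contoso.example', 'lab@contoso.example', 'new@contoso.example' |
    ForEach-Object { '{0} -> {1}' -f $_, (Resolve-EffectivePolicy -Recipient $_ -Policies $policies).Name }
Get-ShadowedAssignment -Policies $policies
```

Here lab@ reaches its custom policy only because Standard excludes it, while ana@ is shadowed: the finance policy never applies because Standard matches first.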

Recommended strategy

If no requirement pushes you to customize, start with the Standard policy for the whole organization and reserve Strict for high-risk groups. It is simple, robust, and adjusts itself as threats change.

Step 3: Assign permissions to administrators without overdoing it

Even though your initial account has power over everything, it is not a good idea to give the Global Admin role to everyone who needs to work on security. As a rule, assign the Security Administrator role in Microsoft Entra to the administrators, specialists, and support staff who will manage Defender for Office 365.

If you will only manage email, you can opt for Exchange Online permissions or the Email & Collaboration roles in the Defender portal. Least privilege, always, to reduce risk.

Step 4: Priority accounts and user tags

Defender for Office 365 lets you tag up to 250 users as priority accounts to highlight them in reports and investigations and to apply additional heuristics. Ideal for executives, finance, or IT.

With Plan 2 you also have custom user tags to group populations (vendors, VIPs, departments) and filter analyses. Identify who should be tagged from day one.

Step 5: User-reported messages

Users who raise their hand are gold: the false positives/negatives they report let you tune policies and train Microsoft's filters.

  • How they report: With the Report button built into Outlook (web/desktop) or with supported third-party tools that use the supported format; this is how they will appear on the User reported tab in Submissions.
  • Where they go: By default, to a designated mailbox and to Microsoft. You can change this to mailbox only (and forward manually to Microsoft) or Microsoft only. Create a dedicated mailbox for these reports; do not use the initial account.

Sending reports to Microsoft helps the filters learn faster. If you choose mailbox only, remember to submit the relevant emails for analysis from the Submissions tab.

Step 6: Block and allow with a cool head

Tenant Allow/Block List entries are powerful, but allowing too much opens unnecessary doors. Prioritize blocking and use temporary allows only after thorough verification.

  • Block: Add domains/emails, files, and URLs on the corresponding tabs, or submit items to Microsoft from Submissions so that the entry is created automatically. Spoof intelligence shows blocked/allowed senders; you can change decisions or create proactive entries.
  • Allow: You can allow domains/emails and URLs to override verdicts of bulk, spam, high-confidence spam, or non-high-confidence phishing. Malware, or URLs/domains flagged as high-confidence phishing, cannot be allowed directly; in those cases, submit from Submissions and mark 'I've confirmed it's clean' to create a temporary exception.

Keep an eye on exceptions: review them and let them expire when they are no longer needed. That way a stale allow does not let through what should not get through.

Step 7: Phishing simulations and training

With Attack Simulation Training (Plan 2) you can launch realistic simulation campaigns and assign training based on the user's response. Cover credentials, QR phishing, dangerous attachments, or BEC to span the spectrum.

The telemetry from these campaigns reveals risky behaviors and helps plan reinforcement. Ideally, run quarterly simulations to keep the rhythm.

Step 8: Investigate and respond without wasting time

When an alert fires, the goal is clear: understand the scope and remediate quickly. Defender for Office 365 gives you two key assets for your daily work.

  • Threat Explorer: Filter by malware, phish, or detected URLs, use the campaign view to see all affected messages, and apply bulk actions (Soft delete/Purge) to compromised messages.
  • Automated Investigation and Response (AIR) in Plan 2: Launches investigations, isolates messages, analyzes links, correlates mailboxes, and recommends or performs remediation.

In addition, Zero-hour Auto Purge (ZAP) can remove mail after delivery if it is reclassified, which reduces the window of exposure when something is later re-evaluated as malicious.

Protecting OneDrive, SharePoint, and Teams

Mail is the gateway, but files are the loot. Extend protection to OneDrive, SharePoint, and Teams to cut off infections and filter malicious content in collaboration.

  • Antimalware for files: Sandbox analysis and detonation of attachments with Safe Attachments, including Dynamic Delivery so that you do not have to wait to read the message while the file is analyzed. Also learn how to check a downloaded file.
  • Safe Links: Real-time URL rewriting and scanning in emails, documents, and Teams; you can prevent click-through so that users cannot ignore the warning.
  • DLP and sensitivity labels (Purview): Prevent data leaks and apply encryption/controls by sensitivity level, even outside the organization, or learn to hide and protect confidential emails.

It integrates with Microsoft Defender for Cloud Apps to discover Shadow IT, apply policies in real time, and detect anomalies (ransomware, malicious services) in cloud services, both Microsoft and third-party.

Licensing and quick activation

Defender for Office 365 is available in two plans: P1 (Safe Links, Safe Attachments, and advanced anti-phishing) and P2 (adds Threat Explorer, AIR, and simulations). E5 includes P2; with E3 you can add P1 or P2 as needed.

Feature                        EOP    Plan 1    Plan 2
Basic antispam/antimalware     Yes    Yes       Yes
Safe Links                     -      Yes       Yes
Safe Attachments               -      Yes       Yes
Anti-phishing with AI          -      Yes       Yes
Threat Explorer / AIR          -      -         Yes
Attack Simulation              -      -         Yes

To activate it, go to Microsoft 365 Defender, navigate to Email & Collaboration > Policies & Rules, and enable Standard/Strict. Assign the scope (users, groups, domains) and define exceptions where appropriate.

PowerShell shortcut for anti-phishing

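# Connect to the Exchange Online module
Connect-ExchangeOnline

# Create a basic anti-phishing policy and rule.
# PowerShell continues a line with a trailing backtick (`), not a backslash.
# User impersonation protection (-EnableTargetedUserProtection) is left out
# because it also needs -TargetedUsersToProtect with the list of users.
New-AntiPhishPolicy -Name 'AntiPhishCorp' `
 -EnableMailboxIntelligence $true `
 -EnableOrganizationDomainsProtection $true `
 -EnableSpoofIntelligence $true

# 'midominio.com' is a placeholder: replace it with your own accepted domain.
New-AntiPhishRule -Name 'AntiPhishCorpRule' `
 -AntiPhishPolicy 'AntiPhishCorp' -RecipientDomainIs 'midominio.com'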

Remember that with Dynamic Delivery in Safe Attachments the user receives the message body immediately, and the attachment is released after detonation; this improves the experience without sacrificing security.

Best practices, Zero Trust, and integration

To strengthen your posture, apply these guidelines. It takes no magic, just perseverance and effective governance.

  • DMARC with p=quarantine/reject and DKIM on all domains to stop spoofing.
  • Review Secure Score semi-annually and aim for ≥ 75%. Apply the relevant recommendations.
  • Keep false positives in check in quarantine and tune without over-allowing. Less is more.
  • Quarterly simulations to raise awareness among end users.
  • Integrate with Microsoft Sentinel if you have a SIEM, for multi-domain correlation and SOAR automation.
  • Document exceptions (for example, third parties that send unusual attachments) and review them quarterly.

Within a Zero Trust strategy, Defender for Office 365 covers email and collaboration; add Defender for Endpoint to stop lateral movement and respond on the device, and lean on SmartScreen to stop dangerous websites and downloads on the endpoint, in addition to configuring mobile device management (MDM).

Data and privacy in Defender for Office 365

When processing emails and Teams messages, Microsoft 365 handles metadata such as display names, email addresses, IP addresses, and domains. It is used for offline ML, reputation, and capabilities such as ZAP. For additional layers, consider protecting your email with Shielded Email.

All reports are subject to EUPI (pseudonymized) and EUII identifiers, with these guarantees: data is shared only within your organization, it is stored in your region, and only authorized users can access it. Encryption at rest is enforced using ODL and CDP.

Data location

Defender for Office 365 operates in Microsoft Entra datacenters. For certain geographies, data at rest for provisioned organizations is stored only in their region. Regions with local residency include:

  • Australia
  • Brazil
  • Canada
  • European Union
  • France
  • Germany
  • India
  • Israel
  • Italy
  • Japan
  • Norway
  • Poland
  • Qatar
  • Singapore
  • South Africa
  • South Korea
  • Sweden
  • Switzerland
  • United Arab Emirates
  • United Kingdom
  • United States

The data stored at rest in the local region (default protection in cloud mailboxes and in Defender for Office 365) includes alerts, attachments, block lists, email metadata, analytics, spam, quarantines, reports, policies, spam domains, and URLs.

Retention and sharing

Defender for Office 365 data is retained for 180 days in reports and logs. Extracted personal information is encrypted and automatically deleted 30 days after the retention period. At the end of licenses and grace periods, the data is irreversibly deleted no later than 190 days after the end of the subscription.

Defender for Office 365 shares data with Microsoft 365 Defender XDR, Microsoft Sentinel, and audit logs (if licensed by the customer), with specific exceptions for GCC government clouds.

Ransomware recovery in Microsoft 365

If, despite everything, something slips through, act fast: pause OneDrive sync and disconnect compromised computers to preserve healthy copies. Then take advantage of your options.

  • Version control: Save multiple versions in SharePoint, OneDrive, and Exchange. You can set up to 50,000, but beware: some ransomware encrypts all versions, and the storage counts extra.
  • Recycle bin: Restore deleted items for 93 days. After that period and the two recycle bin stages, you can ask Microsoft for up to 14 additional days for recovery.
  • Retention policies (E5/A5/G5): Define how long to retain and what can be deleted; automate retention by content type.
  • Preservation Hold Library: With active holds, an immutable copy is kept in OneDrive/SharePoint; it lets you extract intact files after the incident.
  • Third-party backups: Microsoft does not perform a traditional backup of your M365 content; consider a SaaS backup solution for demanding RTO/RPO and granular recovery, or learn to back up your emails.

To reduce entry vectors, remember to combine email protection (EOP + Defender), multi-factor authentication, attack surface reduction rules, and Exchange settings that reduce the risk of phish and spoof.

With all of the above, your Microsoft 365 environment looks far more robust: authenticated email, consistent policies with clear precedence, secure collaboration, users who report, educational simulations, and real investigation and response capability. Top it off with periodic reviews, Secure Score, and minimal exceptions, and you will have a system that stands up to modern campaigns without sacrificing usability.
