Exam MS-101 topic 2 question 26 discussion

Anti-Phishing & Anti-Spam. Safe attachments: 15 days only cannot be changed. Safe links: does not scan attachments but URLs. DKIM: is for validation of others that you own the domain and hence is outbound. Anti-malware: 15 days only cannot be changed.

Antispam + DKIM

How long quarantined messages are held in quarantine before they expire is controlled by the Retain spam in quarantine for this many days (QuarantineRetentionPeriod) in anti-spam policies. For more information, see Configure anti-spam policies in EOP. Link: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/quarantine-policies?view=o365-worldwide

-The email address of senders to your company must be verified: I think it should be Anti Spam to verify and filter junk email from legitimate email

I'm surprised, but I think it's ATP Anti-Phishing (this one is obvious) Anti-Spam How long quarantined messages are held in quarantine before they expire is controlled by the Retain spam in quarantine for this many days (QuarantineRetentionPeriod) in anti-spam policies. For more information, see Configure anti-spam policies in EOP. If you change the quarantine policy that's assigned to a supported protection feature, the change affects messages that are quarantined after you make the change. Messages that were previously quarantined by that protection feature are not affected by the settings of the new quarantine policy assignment. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/quarantine-policies?view=o365-worldwide

I think it's anti-phishing and Anti-malware https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments?view=o365-worldwide "Attachments aren't scanned for malware by Safe Attachments. Messages are still scanned for malware by anti-malware protection in EOP." https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files?view=o365-worldwide Anti-malware can quarantine messages that contain malware and a quarantine policy can be configured to expire the quarantined message from 1-30 days

if 20days of quarantine is a must. only Anti-spam can do. Anti-spam did mention can block malware. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/quarantine-email-messages?view=o365-worldwide Quarantine reason: Messages quarantined by anti-spam policies: spam, high confidence spam, phishing, high confidence phishing, or bulk. Default retention period: 15 days: In the default anti-spam policy. In anti-spam policies that you create in PowerShell. 30 days in anti-spam policies that you create in the Microsoft 365 Defender portal. Customizable? Yes https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spam-protection?view=o365-worldwide EOP anti-spam and anti-phishing technology is applied across our email platforms to provide users with the latest anti-spam and anti-phishing tools and innovations throughout the network. The goal for EOP is to offer a comprehensive and usable email service that helps detect and protect users from junk email, fraudulent email threats (phishing), and malware.

This is a touch question, but it's Anti-Phishing and Anti-Spam. Here is the article that tells you: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/quarantine-policies?view=o365-worldwide "How long quarantined messages are held in quarantine before they expire is controlled by the Retain spam in quarantine for this many days (QuarantineRetentionPeriod) in anti-spam policies. For more information, see Configure anti-spam policies in EOP. If you change the quarantine policy that's assigned to a supported protection feature, the change affects messages that are quarantined after you make the change. Messages that were previously quarantined by that protection feature are not affected by the settings of the new quarantine policy assignment." So, you have to setup a quarantine policy in anti-spam (or PS) and assign it to the Safe Attachments feature.

Anti-Phishing + Anti-Spam

Anti-Phishing + Anti-Spam

The question is not right. The only way to configure quarantine for messages containing a malware is Safe Attachments. Anti-Spam has no options for malware. The default retention period (cannot be modified) for messages quarantined for malware is 15 days. There're no additional options on this, so the answer is wrong.

Malware found in email attachments must be quarantined for 20 days == SAFE ATTACHMENT Read the required info carefully [The email address of senders TO your company must be verified]. They key here is the word TO and not FROM. DKIM will add a digital signature to your outgoing emails as a proof of identity, but the question wants the others to prove their identity, hence ANTI-PHISHING, which is the mechanism by which your incoming mail server verifies that the sender is coming from where it should be and not from somewhere else

I would choose Anti-Phishing & Anti-Spam. However, in Anti-Spam couldn't find a malware detection rule. There is ZAP (Zero hour auto-purge) which is far from quarantine but affects malware messages that have already been delivered to Exchange Online mailboxes and purge them. But those 20 days... haven't found the option to adjust it elswhere

I had this on test it is Anti-phishing and Anti Spam. Here's the homework : The email address of senders to your company must be verified. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide#impersonation-settings-in-anti-phishing-policies-in-microsoft-defender-for-office-365 ✑ Malware found in email attachments must be quarantined for 20 days https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files?view=o365-worldwide 15 days for files quarantined by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams in Defender for Office 365.

Malware found in email attachments must be quarantined for 20 days- ATP Safe attachments. Agreed the quarantine period is 15 days and there seems to be no way to change it, this solution looks the closest to meet the requirement. Anti-pam does not scan for malware in attachments.

ATP Safe attachments policy does block malware n attachments and the message is sent to Quarantine https://www.imaginet.com/2018/office-365-advanced-threat-protection-101-atp-safe-attachments-policies/#:~:text=Creating%20Your%20First%20ATP%20Safe%20Attachments%20Policy&text=Applies%20to%20the%20imaginet.com,send%20it%20to%20the%20quarantine.

Anti-phishing and Anti-Spam - checked on tenant and confirmed 30 days is only possible via Anti-Spam policy.