| Move messages that are detected as impersonated users by mailbox intelligence | MDO | 8 |
| Ensure that mailbox intelligence is enabled | MDO | 8 |
| Ensure that intelligence for impersonation protection is enabled | MDO | 8 |
| Enable impersonated domain protection | MDO | 8 |
| Turn on Microsoft Defender for Office 365 in SharePoint, OneDrive, and Microsoft Teams | MDO | 5 |
| Set action to take on high confidence spam detection | MDO | 5 |
| Set action to take on high confidence phishing detection | MDO | 5 |
| Ensure the Common Attachment Types Filter is enabled | MDO | 5 |
| Ensure that SPF records are published for all Exchange Domains | EXO | 5 |
| Ensure all forms of mail forwarding are blocked and/or disabled | MDO | 5 |
| Ensure additional storage providers are restricted in Outlook on the web | EXO | 5 |
| Ensure 'External sharing' of calendars is not available | EXO | 5 |
| Set action to take on bulk spam detection | MDO | 3 |
| Ensure users installing Outlook add-ins is not allowed | EXO | 3 |
| Ensure that an anti-phishing policy has been created | MDO | 3 |
| Ensure Spam confidence level (SCL) is configured in mail transport rules with specific domains | EXO | 3 |
| Ensure modern authentication for Exchange Online is enabled | EXO | 3 |
| Ensure MailTips are enabled for end users | EXO | 3 |
| Ensure mailbox auditing for all users is Enabled | EXO | 3 |
| Ensure that no sender domains are allowed for anti-spam policies | MDO | 2 |
| Set the email bulk complaint level (BCL) threshold to be 6 or lower | MDO | 1 |
| Set automatic email forwarding rules to be system controlled | MDO | 1 |
| Ensure the customer lockbox feature is enabled | EXO | 1 |
| Don't add allowed IP addresses in the connection filter policy | MDO | 1 |