Microsoft 365 Administration Lab · Project 7

Email Security & Identity Protection

Hardening a live M365 tenant through mail flow rules, anti-spam policies, MFA enforcement, and Microsoft Secure Score — simulating real-world security operations for an IT department.

PlatformMicrosoft 365 / Defender
TenantIntelX800.onmicrosoft.com
CompletedJune 2026
LevelIntermediate–Advanced

Skills Demonstrated

Mail Flow Rules Exchange Transport Rules Email Disclaimer Message Trace Anti-Spam Policies Allow / Block Lists Quarantine Management Spam Filtering Per-User MFA Microsoft Entra ID Password Protection Microsoft Secure Score Security Recommendations Microsoft Defender
1

Mail Flow Rules & Email Disclaimer

Exchange Admin Center · Transport Rules

Configured two outbound transport rules in Exchange Admin Center: a company-wide email disclaimer appended to all outgoing messages, and a keyword-based sensitive content blocker that prevents confidential data from leaving the organisation.

📋
Disclaimer Rule

Auto-appends confidentiality footer to all outbound emails from the tenant

🚫
Sensitive Keyword Block

Blocks outbound emails containing flagged terms — delivery fails with custom NDR

🔍
Message Trace

Used EAC Message Trace to verify rule triggers and confirm blocked delivery events

Evidence

Company Email Disclaimer rule in Exchange Admin Center
Active

Company Email Disclaimer outbound transport rule — Enforce mode, Priority 0, applied to all tenant senders

Disclaimer received in Gmail
Verified ✓

Outbound email received in Gmail with disclaimer appended — confirms the rule fired successfully on an external send

Block Sensitive Keywords rule enabled
Blocking

Block Sensitive Keywords outbound rule enabled at Priority 1 — fires after disclaimer, rejects messages containing flagged sensitive terms

Blocked email NDR in Outlook
Blocked ✓

NDR delivered to sender — "A custom mail flow rule at anish.website has blocked your message" confirming the rule works end-to-end

Message Trace Verification

Message trace showing blocked email events
Fail Events

Message Trace detail for the blocked test email — shows Receive → Submit → Fail → Transport Rule events, pinpointing exactly where the block occurred

Key Takeaway — Mail Flow Rules


2

Anti-Spam Policies & Quarantine

Microsoft Defender · Email & Collaboration

Configured the default anti-spam inbound policy to quarantine high-confidence spam, added domain-level allow and block lists, and verified the quarantine dashboard reflects a clean state with no false positives.

🛡️
Quarantine Actions

Spam and high-confidence spam set to Quarantine — not Junk folder, ensuring admin visibility

Allowed Domain

gmail.com added to allowed senders list for reliable delivery of test messages

🚫
Blocked Domain

spam.com added to the blocked senders list — all inbound from this domain auto-quarantined

Evidence

Anti-spam inbound policy actions panel
Configured

Default inbound policy — Spam and High Confidence Spam both set to Quarantine message with DefaultFullAccessPolicy

Manage blocked domains — spam.com
Blocked

spam.com added to blocked domains list — messages from this domain will always be quarantined automatically

Quarantine dashboard showing zero items
Clean ✓

Quarantine dashboard — 0 items across 30-day window, confirming no legitimate mail is being incorrectly flagged

Key Takeaway — Anti-Spam & Quarantine


3

MFA & Identity Security

Microsoft Entra ID · Authentication Methods

Enforced per-user Multi-Factor Authentication for the Global Administrator account via Microsoft Entra, and reviewed Password Protection settings including smart lockout thresholds and custom banned password lists.

🔐
MFA Enforced

Global Admin account (Anish Giri) set to Enforced status — strongest MFA requirement level

🔒
Password Protection

Reviewed smart lockout (10 attempts / 60s) and custom banned passwords settings

👥
User MFA Audit

Reviewed MFA status across all tenant users — identified accounts without MFA enabled

Evidence

Per-user MFA settings showing enforced for admin
MFA Enforced ✓

Per-user MFA page — Anish Giri set to Enforced, success toast confirms "Multifactor authentication was enabled successfully"

Key Takeaway — MFA & Identity


4

Microsoft Secure Score

Microsoft Defender · Security Posture

Reviewed the tenant's Microsoft Secure Score dashboard to understand the overall security posture and identify the top recommended actions for further hardening. Achieved 76.06% (54/71 points) — above baseline for a lab tenant.

📊
Score: 76.06%

54 of 71 points achieved — 8 items remaining to address across Identity and App categories

🎯
Top Actions Reviewed

Defender for Identity deployment, user consent policies, and Teams meeting controls identified as priority items

📈
Trend Tracked

Score history and metrics confirm upward trend as security configurations were applied during the project

Evidence

Microsoft Secure Score overview 76.06%
76.06%

Secure Score overview — 54/71 points achieved, 8 items To Address, trending upward after security configurations applied

Recommended actions list in Secure Score
19 Actions

Recommended actions ranked by score impact — top items include Defender for Identity deployment (+7.04%) and user consent policies (+5.63%)

Key Takeaway — Microsoft Secure Score