Frequent Contributor

Hello all


I am fairly new to Defender for O365. I am the cloud admin for a small company roughly 1000 accounts. We are moving from mimecast to Defender for O365. I read the article regarding preset security polices, and thought this would be a good place to start, so i enabled the standard policy for all the domains we host. Considering you cannot edit a preset policy i had to edit the default policy to fill in the gaps to account for the things like safe senders, blocked senders, safe domains and blocked domains. Is this the correct strategy to use? From my understanding the preset security policy will take precedence. How does the precedence work? If i create safe senders in the default anti-spam policy will these settings take effect even though the safe senders are not mentioned in the Standard preset security policy ?