Most organizations have Defender for Office 365 enabled. Far fewer have it configured in a way that actually reflects how attackers behave or how their users work.

This session is built on real customer environments, not lab setups. We'll walk through the decisions that matter: when preset security policies are the right call, when they're not, and what the gap between "deployed" and "effective" actually looks like in practice.
We'll cover anti-phishing and impersonation protection, Safe Links and Safe Attachments, and the configuration mistakes that quietly create blind spots or generate so much noise that teams start ignoring alerts altogether.

But email is only part of the story. Attackers have figured out that Teams is a trusted channel and most defenses haven't caught up.
We'll look at how Defender extends into Teams to cover malicious links, files, and social engineering that never touches your inbox.

We'll also spend time on Attack Simulator Training not as a box to check, but as a practical tool for reinforcing controls, improving how users report suspicious activity, and closing the gap between detection and response.

You'll leave with concrete configuration guidance, a clearer sense of where the real risks are, and a few things you'll probably want to go fix on Monday morning.

Attendees will leave with:
- A clear understanding of why email authentication is foundational to Defender effectiveness
- Practical Defender for Office 365 configuration guidance for both email and Teams
- Insight into common operational mistakes and how to avoid them
- A realistic approach to combining technical controls with user awareness