This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
inwayovermyhead
Explorer
‎2023-08-22 02:37 PM

Best Practices - M365 Defender & CheckPoint Harmony

I'm trying to find some sort of "best practices" document for M365 Defender settings and Harmony Email and Collaboration.  I feel like we're fighting a never ending battle of "what did Microsoft change this month" that's causing email to disappear.  We don't want users requesting quarantine release from both Microsoft and CheckPoint, and we want the admins to spend as little time as possible in the M365 Defender environment.

Should I just follow the standard recommendations from the M365 Configuration analyzer?

6 Replies
the_rock
MVP Platinum
MVP Platinum
‎2023-08-22 05:59 PM

Let me talk to one of my colleagues thats helping a customer with this. I wont BS you about it, since I literally know bare basics on that subject. I know my colleague has been working with a client of ours on similar issue, so he would know for sure.

I will email him tomorrow, as he is in UK, so 5 hours difference from EST, Will keep you posted.

Andy

Best,
Andy
the_rock
MVP Platinum
MVP Platinum
‎2023-08-23 08:51 AM
In response to the_rock

@inwayovermyhead will speak to my colleague at 12 pm est, so will ask him about it and let you know soon.

Cheers mate.

Andy

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-08-23 09:26 AM

K, just had a chat with my colleague and he pretty much told me he is having literally the same "battle" as you...multiple TAC cases that at the end dont seem to produce much, let alone any sort of solution. As you said, its right term, never ending story.

So, to answer your question, he told me YES, you should follow recommendations from the M365 analyzer, as it seems to be best thing to do.

 

Best,
Andy
0 Kudos
inwayovermyhead
Explorer
‎2023-08-23 09:44 AM
In response to the_rock

Thank you Andy - that's how we'll proceed.   If I ever write up my own "Best Practices" doc I'll be sure to share it here.

 

-Joe

(1)
the_rock
MVP Platinum
MVP Platinum
‎2023-08-23 10:07 AM
In response to inwayovermyhead

Thats awesome! Sorry Joe, I wish I had better news for you, but Im always truthful with people...I would rather tell you the truth then some nonsense to make you feel better, cause lets be honest, truth ALWAYS comes out at the end.

Cheers mate.

Andy

Best,
Andy
0 Kudos
BrianGoosen
Explorer
‎2023-09-09 11:40 AM

Hello!

 

I would configure Defender in 1 of 2 ways.

 

EOP (No Defender licenses)

MS defaults and let Check Point do all the security.

 

Defender P1 or P2

Configure the policies as you want, with the security levels you want, and create a custom Quarantine Digest in MS365 that does not send the digest emails. Then go into CP and configure CP to send the Quarantine and to integrate with MS365 Quarantine.

So, your MS365 Quarantine emails will show up on your CP digest.

Unified Quarantine - Admin and End User View of All Emails Quarantined by Microsoft and Avanan

 

Whether this is best practice, I am not sure, but this is how I have it set up and it works me and my clients.

Upcoming Events

    CheckMates Events