Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
inwayovermyhead
Explorer

Best Practices - M365 Defender & CheckPoint Harmony

I'm trying to find some sort of "best practices" document for M365 Defender settings and Harmony Email and Collaboration.  I feel like we're fighting a never ending battle of "what did Microsoft change this month" that's causing email to disappear.  We don't want users requesting quarantine release from both Microsoft and CheckPoint, and we want the admins to spend as little time as possible in the M365 Defender environment.

Should I just follow the standard recommendations from the M365 Configuration analyzer?

6 Replies
the_rock
Legend
Legend

Let me talk to one of my colleagues thats helping a customer with this. I wont BS you about it, since I literally know bare basics on that subject. I know my colleague has been working with a client of ours on similar issue, so he would know for sure.

I will email him tomorrow, as he is in UK, so 5 hours difference from EST, Will keep you posted.

Andy

the_rock
Legend
Legend

@inwayovermyhead will speak to my colleague at 12 pm est, so will ask him about it and let you know soon.

Cheers mate.

Andy

0 Kudos
the_rock
Legend
Legend

K, just had a chat with my colleague and he pretty much told me he is having literally the same "battle" as you...multiple TAC cases that at the end dont seem to produce much, let alone any sort of solution. As you said, its right term, never ending story.

So, to answer your question, he told me YES, you should follow recommendations from the M365 analyzer, as it seems to be best thing to do.

 

0 Kudos
inwayovermyhead
Explorer

Thank you Andy - that's how we'll proceed.   If I ever write up my own "Best Practices" doc I'll be sure to share it here.

 

-Joe

(1)
the_rock
Legend
Legend

Thats awesome! Sorry Joe, I wish I had better news for you, but Im always truthful with people...I would rather tell you the truth then some nonsense to make you feel better, cause lets be honest, truth ALWAYS comes out at the end.

Cheers mate.

Andy

0 Kudos
BrianGoosen
Explorer

Hello!

 

I would configure Defender in 1 of 2 ways.

 

EOP (No Defender licenses)

MS defaults and let Check Point do all the security.

 

Defender P1 or P2

Configure the policies as you want, with the security levels you want, and create a custom Quarantine Digest in MS365 that does not send the digest emails. Then go into CP and configure CP to send the Quarantine and to integrate with MS365 Quarantine.

So, your MS365 Quarantine emails will show up on your CP digest.

Unified Quarantine - Admin and End User View of All Emails Quarantined by Microsoft and Avanan

 

Whether this is best practice, I am not sure, but this is how I have it set up and it works me and my clients.

Upcoming Events

    CheckMates Events