When creating a security policy, you must define its protection scope by selecting user mailboxes and/or Active Directory user groups that you want to protect in the policy, and mailboxes and groups that are excluded from protection.
Protection of Active Directory groups of the Microsoft 365 type is not supported by the application; such groups are not displayed in the Management Console and cannot be included in the protection scope.
Depending on the size of the Office 365 organization and the number of selected mailboxes, it may take up to several hours to update the protection scope.
Protected mailboxes
To configure mailboxes and/or user groups that you want to protect in the policy:
To filter the list of mailboxes and/or user groups, use the Search entry field or the Display the following users and groups list (available values are All, Selected, and Not selected).
The mailboxes and user groups are listed alphabetically; at that, user groups are listed first. By default, the list of mailboxes and user groups is arranged by 10 lines per page. You can switch the pages of the list back and forth or change the default number of displayed lines per page at the bottom of the page.
To view the mailboxes included in a group, click the name of the group. The elements will be displayed in a separate window.
If you change the primary SMTP address for mailboxes included in the protection scope without group association, the application will recognize them as newly added ones. Protection for these mailboxes will be automatically disabled. To resume protection, select the required mailboxes from the list again.
If necessary, you can force the application to retrieve the list of mailboxes and user groups from Exchange Online by clicking the Synchronize list link above the list.
Excluded mailboxes
To configure mailboxes and/or user groups that you want to exclude from protection:
To filter the list of mailboxes and/or user groups, use the Search entry field or the Display the following users and groups list (available values are All, Selected, and Not selected).
The mailboxes and user groups are listed alphabetically; at that, user groups are listed first. By default, the list of mailboxes and user groups is arranged by 10 lines per page. You can switch the pages of the list back and forth or change the default number of displayed lines per page at the bottom of the page.
If the same mailbox or user group is listed as a protected item but is also added to the list of exclusions, the exclusion has priority over the general protection scope settings.
If necessary, you can force the application to retrieve the list of mailboxes and user groups from Exchange Online by clicking the Synchronize list link above the list.
If for any reason you want to anonymize any elements in the list or make them undetectable by the application, you can achieve this by customizing your Exchange Online settings. For the information about changing a user's display name, refer to the Office 365 documentation at https://docs.microsoft.com/en-us/office365/admin/add-users/change-a-user-name-and-email-address. For the information about blocking access to mailboxes, refer to the Azure Active Directory documentation at https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview.
Page top