No exclusions for the built-in protection policies.

Why This Matters

Built-in protection policies in Microsoft 365 should remain free of exclusions to ensure consistent threat detection and response. When administrators add exclusions, they can unintentionally create gaps in security coverage, leaving the environment vulnerable to phishing, malware, and other advanced threats. For IT admins, maintaining a no-exclusion baseline reduces attack surface and simplifies policy management.

What Aether365 Checks

Aether365 verifies that no exclusions are configured for the built-in protection policies in your Microsoft 365 tenant. This check appears in the Aether365 dashboard under the microsoft-365 checks section, highlighting any policies that deviate from the recommended secure baseline.