Cybersecurity and Infrastructure Security Agency issues an update to its Office 365 security best practices. The DHS cyber-security agency created its list of best practices following several engagements with organizations that have migrated to cloud-based collaboration solutions such as Office 365 since October 2018. Microsoft is also adding new features designed to block malicious content in Office 365 regardless of the custom configs set up by admins or users unless manually overridden. Microsoft also adding a new Office 365 Advanced Threat Protection (ATP) feature that would block email sender domains if they fail DMARC authentication.
Source: https://www.bleepingcomputer.com/news/security/us-govt-updates-microsoft-office-365-security-best-practices/