Hi,
Because different organizations have different budgets and needs, there are no specified best practices for Exchange Online security.
However, you can refer to the recommendations in the following links to deploy your organization's security settings:
Microsoft recommendations for EOP and Defender for Office 365 security settings | Microsoft Learn
Security and compliance for Exchange Online | Microsoft Learn
The 20 Best Techniques To Improve Exchange Online Protection (techieberry.com)
(Note: Microsoft provides third-party contact information to help you find additional information about this topic. This contact information may change without notice. Microsoft does not guarantee the accuracy of third-party contact information.)
In addition, some of the more routine tasks involved in your role as an Exchange Online administrator include:
1. Create accounts for new employees and assign them licenses and permissions.
2. Set mailbox features such as mailbox size limits, archive and deletion policies, mailbox sharing policies, and send by or on behalf of.
3. Create shared mailboxes or Microsoft 365 groups for collaboration.
4. Use EOP or ATP to manage your organization's email anti-spam protection and malware filters.
5. Use Content Search or eDiscovery tools to perform a search on mailboxes for data that meets specific criteria.
6. Recover deleted items in a user's mailbox or retain an inactive mailbox for compliance or litigation purposes.