If you dip into your Microsoft 365 Security and Compliance Center, then into Threat Management and then into Policy, as shown above, you might see some new Templated policies.
These allow you to select from two ‘best practices’ policies from Microsoft for your email protection. There is a Standard and a Strict protection option.
You’ll find details about these here:
and if you want to know the low-level settings that they use, you can find them here:
At the moment they are not enabled by default, but I can see the day when at least the Standard template will be applied to all new tenants.
Of course, these are just a starting point for securing your email environment, but I certainly recommend that you do start with these templates because they apply a lot of best practices quickly and easily. They also configure not just Exchange Online but also Office 365 Advanced Threat Protection (ATP) if that is part of the tenant.