Ensure you have reviewed the Email Security Default Rules and Connection Default Rules.
If needed, configure any specific rules required for your organizational policy to be enforced.
Determine whether user-based spam digests will be utilized and make the necessary configurations.