Understanding Microsoft Defender for Office 365 Features

Looking for cloud and email security solutions? Microsoft Defender for Office 365 provides plans that enhance detection, response, and protection of emails, Microsoft 365 cloud and desktop applications, and Microsoft Teams. Microsoft Defender for Office 365 is divided into two specific plans, Plan 1 and Plan 2.

While each plan emphasizes a different phase of email security, every plan has access to tools for protection, detection, investigation, and response. The higher the tier of the Microsoft Defender for Office 365 plan, the better the insights and tools that come with it to achieve the emphasis for that level.

Understanding the Many Microsoft Defender Products

Microsoft Defender is a brand of products that provide protection in different forms. Microsoft Defender as a brand includes Defender for Endpoint, Defender for Identity, Defender for IoT & OT, Defender for Office 365, and Defender for Business. All Defender products can be purchased as an add-on to any user license in your Microsoft setup. Some Defender products will come bundled with user licenses, including:

  • Microsoft 365 E5 – Includes Defender for Endpoint, Microsoft 365 Defender, Defender for Identity, and Defender for Cloud Apps.
  • Microsoft Business Premium – Includes Defender for Business.

For email, anti-spam, and anti-phishing protection, we are looking at Microsoft Defender for Office 365.

Microsoft Defender for Office 365 is one of several Defender products and security sets.
Different Defender products handle different security measures in and out of the Microsoft 365 world.


Microsoft Defender for Office 365 Plans

Microsoft Defender for Office 365 is a paid add-on that is composed of two plans. Even if you do not have one of these paid plans, all licensed users with an Outlook inbox will receive protection through Exchange Online Protection (EOP) for free. Plan 1 focuses more on detection and investigation of threats while protecting end-users further through Safe links and Safe attachments. Plan 2 has an even larger emphasis on automation, investigation, and response.

Microsoft Defender for Office 365 Plans and how they integrate into security flow.

Exchange Online Protection 

Microsoft provides Exchange Online Protection to all inboxes included through a Microsoft subscription. These tools are provided for free and do not require an add-on license to activate. Most features are already pre-configured with security that minimally impacts workflow, and can be further customized in the Exchange Admin center. EOP is a powerful set of tools that requires more manual setup and optimization than other plans.

Exchange Online Protection includes: 

  • Spam, Malware, Phishing, and Bulk Mail filtering and intelligence. 
  • Anti-spoofing and impersonation protection utilizing leading technologies.
  • Block URLs and files based on rules set by Admin. 
  • Admin quarantine & ability for users to submit reports, including false positives/negatives. 
  • Utilize message trace and audit log searches to discover email flow and administrative activities. 
  • Refine and test allowlists and blocklists.
  • Zero-hour auto purge of malicious emails.

Microsoft Defender for Office 365 Plan 1 

Microsoft Defender for Office 365 P1 includes: 

  • Everything from Exchange Online Protection
  • Safe attachments, Safe Links, and enhanced protection across the Microsoft 365 product suite, including in emails. 
  • Detailed reporting and monitoring tools. 
  • User and domain impersonation protection. 
  • Time-of-click protection (Advanced Threat Detection for O365) for email, Office desktop and web clients, and Teams. 
  • Integrations with SIEM via API for automatic notifications and alerts. 
  • Real-time detections and URL tracing. 

Plan 1 for Microsoft Defender for Office 365 focuses on detection and investigation while introducing powerful features to protect users. Two of these features are Safe attachments and Safe links.

Safe attachments

With Safe attachments, all messages and attachments that don’t have a known virus/malware signature are sent to a cloud-based sandbox environment where Defender for Office 365 uses a variety of machine learning and analysis techniques to detect malicious intent. If the message or attachment is malicious, Microsoft gives admins a few options: review the attachment manually, release the email without the attachment, hold the email and attachment, or release the email and attachment while monitoring the message status. 

Safe links

Safe links proactively protects your end-users from malicious URLs in an email, Teams message, or Office document. The protection applies every time the link is interacted with: malicious links are dynamically blocked while good links can be accessed. Further, links in email are redirected through Defender’s Advanced Threat Detection, allowing for time-of-click protection.

Microsoft Defender for Office 365 Plan 2

Microsoft Defender for Office 365 Plan 2 focuses more on investigation, response, and automation. This plan further includes Microsoft’s Phishing Security Awareness Training (PSAT), which is built into the Defender dashboard and requires minimal setup.

Microsoft Defender for Office 365 P2 includes:

  • Everything from Exchange Online Protection and Plan 1.
  • Advanced threat investigation through Threat Explorer and Threat Trackers.
  • Automated investigation and response based on administrative setup. 
  • Develop, monitor, and review Attack simulation and PSAT. 
  • Proactively hunt and review threats with advanced hunting. 
  • Investigate incidents and pre-defined and admin-defined alerts through the centralized dashboard. 

What Plan Do I Need?

Depending on the number of employees, industry, and other business variables, the right plan for you can differ. We normally recommend that our customers with 300 employees or fewer use Microsoft Defender for Office 365 Plan 1 and bundle additional security tools and services to better protect endpoints, accounts, and data.

Our customers who have over 300 employees or are more commonly communicating with external partners and businesses can find more use out of Microsoft Defender for Office 365 Plan 2. With this plan coupled with other security tools for endpoint protection, email filtering and encryption, and data backup and protection, businesses have been able to succeed with minimal interruption to monthly operation. Further, we recommend higher-priority users in these businesses upgrade their account license to a Microsoft 365 E5 license to take full advantage of email, document, and identity protection that Microsoft Defender for Office 365 Plan 2 does not offer.

We understand Microsoft products and licensing can be a headache, especially with the different plans, pricing, and designations they have. If you have questions or need assistance in determining what will work best for your business, send us a message and we can chat more about licensing and the benefits of Microsoft Defender. Dark Blue Technologies is a Microsoft partner and can provide guidance to businesses looking for help.
