Licensing

Overview

Microsoft Defender for Office 365 is an advanced security solution that protects Microsoft 365 users from email-based threats (phishing, malware, business email compromise), malicious links, and unsafe file attachments. It integrates directly with Exchange Online and is part of Microsoft’s layered security model, which starts with Exchange Online Protection (EOP) and extends through Defender for Office 365.

Protection Types:

  • EOP: Basic email protection (anti-spam, anti-malware, anti-spoofing, and outbound spam filtering).

  • Defender for Office 365 Plan 1: Adds zero-day malware protection, advanced phishing protection (e.g., user and domain impersonation), Safe Attachments, and Safe Links to block malicious content in emails and collaboration tools like SharePoint and Teams.

  • Defender for Office 365 Plan 2: Includes all Plan 1 features and adds attack simulation, threat hunting tools (like Threat Explorer and Threat Trackers), and Automated Investigation and Response (AIR) to automate threat remediation. It also allows advanced incident response and security automation.

Defender for Office 365 Plan Comparison

  1. Plan 1:

    • Prevent and Detect: Protection against phishing, domain impersonation, and advanced malware via Safe Attachments and Safe Links.

    • Investigate and Respond: Real-time detections, email entity pages, SIEM integration for better visibility into threats.

    • Collaboration Tools Protection: Safe Attachments and Safe Links extend to SharePoint, OneDrive, and Microsoft Teams.

  2. Plan 2:

    • Prevent and Detect: Adds Attack Simulation Training to test and train users on phishing and other attack vectors.

    • Investigate and Respond: Includes Threat Explorer, Threat Trackers, and Automated Investigation and Response (AIR). These help proactively hunt for threats and automate post-breach investigations.

    • Advanced Security: Plan 2 also integrates with Microsoft Defender XDR (Extended Detection and Response), which enables cross-platform threat detection, incident review, and response automation.

Key Features of Each Plan

  • Plan 1:

    • Anti-phishing policies with impersonation protection.

    • Safe Links and Safe Attachments for Office clients, email, SharePoint, OneDrive, and Teams.

    • Real-time threat detection.

    • Email entity page to investigate suspicious activity.

    • SIEM integration for custom threat monitoring.

  • Plan 2:

    • All of the above plus Attack Simulation Training, allowing admins to simulate phishing and malware attacks to train users.

    • Threat Explorer and Threat Trackers for advanced investigation and hunting capabilities.

    • Automated Investigation and Response (AIR) for compromised users and suspected malicious activity.

    • Microsoft Defender XDR integration for holistic incident management across email and endpoints.

Integration with Microsoft Defender XDR

Defender for Office 365, especially in Plan 2, integrates with Microsoft Defender XDR, allowing users to detect, investigate, and respond to incidents beyond just email (e.g., across devices and cloud apps). This broader scope helps businesses consolidate their security operations under a unified platform.
