Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing robust zero-day protection, and includes features to safeguard your organization from harmful links in real time. Defender for Office 365 has rich reporting and URL trace capabilities that give administrators insight into the kind of attacks happening in your organization.
You can add Defender for Office 365 to the following Exchange and Microsoft 365 subscription plans:
Exchange Online Plan 1
Exchange Online Plan 2
Exchange Online Kiosk
Exchange Online Protection
Microsoft 365 Business Basic
Microsoft 365 Business Standard
Office 365 Enterprise E1
Office 365 Enterprise E3
Office 365 Enterprise F3
Office 365 A1
Office 365 A3
Safe Attachments protects against unknown malware and viruses, and provides zero-day protection to safeguard your messaging system.
The Safe Links feature proactively protects your users from malicious URLs in a message or in an Office document. The protection remains every time they select the link, as malicious links are dynamically blocked while good links can be accessed.
The Safe Documents feature uses Microsoft Defender for Endpoint to scan documents and files that are opened in Protected View.
ATP for SharePoint, OneDrive, and Microsoft Teams helps detect and block files that are identified as malicious in team sites and document libraries. In addition, Safe Links protection is now available in Microsoft Teams channels and chats.
Anti-phishing checks incoming messages for indicators that a message might be a phishing attempt. When users are covered by Defender for Office 365 policies (Safe Attachments, Safe Links, or anti-phishing), incoming messages are evaluated by multiple machine learning models that analyze messages and the appropriate action is taken, based on the configured policies.
Monitoring capabilities available in the Security & Compliance Center include real-time reports and insights that let your security and compliance administrators focus on high-priority issues, such as security attacks or increased suspicious activity.
Explorer (also referred to as Threat Explorer) is a real-time report that lets authorized users identify and analyze recent threats. By default, this report shows data for the past 7 days; however, views can be modified to show data for the past 30 days.
Real-time detections is a real-time report that lets authorized users identify and analyze recent threats. Similar to Explorer, by default, this report shows data for the past 7 days.
Threat Trackers are informative widgets and views that provide authorized users with intelligence on cybersecurity issues that might impact your organization.
Automated incident response (AIR) capabilities available in Defender for Office 365 Plan 2 let you run automated investigation processes in response to well known threats that exist today.
Attack Simulator lets authorized users run realistic attack scenarios in your organization. Several different kinds of attacks are available, including a display name spear-phishing attack, a password-spray attack, and a brute-force password attack.