In our modern technology-driven era, it’s critical for organizations of all shapes and sizes to seriously embrace cybersecurity. One of the most fundamental aspects of a robust security infrastructure is designing and maintaining high levels of security across an organization’s most important systems.
For many organizations, there’s no tool more central to the way they do business than Microsoft Office 365: tools like Outlook and Excel are foundational to day-to-day business activities. Unfortunately, the popularity of Office 365 has made it an attractive target for cyber criminals, so organizations need to prioritize securing their Office 365 environments against attacks.
Microsoft Defender is an antivirus software program that is included with Windows 10 Enterprise subscriptions. It offers a range of antivirus features and helps organizations better protect themselves from attacks across their Office 365 suite. In addition to the basic features, there are a number of options for organizations looking to upgrade their overall security posture.
In this guide, we’ll explore Microsoft Defender for Office 365 in detail, unpacking the various features and sharing how you can deploy them to improve the overall security of your organization.
Microsoft Defender is cloud-based anti-malware software that comes with Office 365 subscriptions. The software enables security operations teams to better detect, investigate, and respond to security incidents in their Office 365 environment.
Every Office 365 subscription comes with Exchange Online Protection (EOP) by default. It’s possible to upgrade to more sophisticated levels of protection that include email and malware protection, as well as post-breach investigation and response capabilities. By adding these capabilities, organizations can layer further security onto their Office 365 environments.
For many, the primary use case for Defender for Office 365 is to safeguard their organization from threats present in emails, links, or other collaboration platforms including Teams, SharePoint, and OneDrive. The solutions available span threat protection policies, real-time performance reports, and cutting-edge threat investigation and response tools.
In all, Microsoft Defender for Office 365 provides a powerful range of tools and policies that offer comprehensive protection of an organization’s entire Office 365 environment.
Microsoft Defender for Office 365 is part of the wider Microsoft 365 Defender product suite, which also includes Defender for Endpoint and Extended Detection and Response solutions. Altogether, Microsoft 365 Defender combines a variety of protection, detection, investigation and response capabilities in one central portal.
Defender for Office 365 protects and secures an organization’s Office 365 environment by detecting threats present in email and collaboration tools. The three distinct components to Defender for Office 365 each provide unique features, which can be summarized as follows:
Exchange Online Protection (EOP): prevents known, high-volume attacks.
Microsoft Defender for Office 365 Plan 1: protects against zero-day malware, phishing attacks, and email compromise.
Microsoft Defender for Office 365 Plan 2: provides post-breach tools for investigation, hunting, and response. Also comes with simulation tools for training purposes.
All Office 365 accounts (E3 or below) come with EOP and the option to upgrade to Microsoft Defender for Office 365 Plan 1. Office 365 E5 accounts come with Defender for Office 365 Plan 2.
One of the key benefits of Defender for Office 365 is the comprehensive, native approach the software brings to managing a broad threat landscape. It’s easier for security teams to manage one unified system than to coordinate a range of different tools. In addition, Defender for Office 365 offers industry-leading technology, with sophisticated capabilities across the entire threat protection landscape, from prevention to response and remediation.
There are three different tiers of Defender for Office 365. Unless you’re a cybersecurity expert, choosing the right level of protection for your organization can be a tough task. To help you get started, we’ve broken down the key use cases and capabilities of each level of protection.
EOP ships included with all Office 365 enterprise packages, and primarily serves to protect Exchange Online mailboxes from broad, volume-based attacks by filtering incoming mail. The majority of the technologies included in EOP are geared towards attack prevention and detection.
When an email is received, EOP passes it through a series of filters before delivering it to the recipient’s mailbox. These include:
Only once an email has successfully passed all of these filters is it delivered to the recipient’s mailbox. Organizations can configure many of these filters to best suit their own needs, but for many, particularly small and medium-sized businesses (SMBs), it makes most sense to stick with the default filters enabled by Microsoft.
Organizations who decide to upgrade their security stack to Microsoft Defender for Office 365 Plan 1 get all the features included in EOP, in addition to a range of other tools which help them to better prevent, detect and investigate attacks which make it past their EOP security protocols.
Some of the additional features included in Microsoft Defender for Office 365 Plan 1 include:
For end-users, both EOP and Defender for Office 365 Plan 1 focus on boosting awareness, enabling users to report suspicious messages to their security teams for analysis. All told, these tools serve to enable security teams to be much more proactive in how they protect their Office 365 environment.
Defender for Office 365 Plan 2 offers organizations the highest level of protection for their Office 365 environments, featuring all of the security features in EOP and Plan 1, as well as an expanded suite of investigation and response tools. From a prevention and detection perspective, there are no added features, but there is a range of features that aid with the automation of complex tasks as well as end-user education.
Some of the most important features that are only available in Defender for Office 365 Plan 2 include:
These more sophisticated tools combine to enable organizations to respond to threats far more effectively, therefore significantly strengthening the overall security posture of the organization.
Microsoft Office 365 is foundational to the way that many organizations operate today, housing everything from communication tools to critical documents. It’s important for firms of all sizes to ensure that their Microsoft 365 environment is optimally configured.
For many SMBs, the best way to do this is to partner with a Managed Security Service Provider like TechHeads. At TechHeads, we’ve partnered with Microsoft to identify the highest leverage security controls available for Office 365.
When you join forces with our team, you can select from three distinct service levels, all of which feature Microsoft Defender for Office 365 Plan 2, as well as a wide range of additional security protocols and software. With a 25-year track record and a deep bench of experts across the entire Microsoft Security tool suite, our team is ready to help design, implement, and maintain a strong security infrastructure.
If you’re interested in learning more about how to best secure your Microsoft 365 environment, schedule a consultation with our experts today.