Summary

This module examined how Microsoft Defender for Office 365 extends the email protection provided by Exchange Online Protection (EOP). It does so by filtering targeted attacks that could pass through EOP’s line of defenses. Its protections cover:

  • Advanced threats such as zero-day attacks in email attachments and Office documents.
  • Malicious URLs, through time-of-selection protection.

Together, EOP and Microsoft Defender for Office 365 represent the anti-malware pipeline in Microsoft 365. These products provide the most efficient level of protection against commodity and advanced targeted threats.

This module focused on two primary products within Microsoft Defender for Office 365: Safe Attachments and Safe Links.

  • Safe Attachments blocks zero-day malware in email attachments and documents.
  • Safe Links protects users from URLs embedded in email and documents that point to malicious websites.

Within Safe Links, you learned how URL Detonation combines elements of Safe Links and Safe Attachments into a single feature. This feature protects users in the event a link points to a malicious file on a web server.

The module then introduced you to outbound spam filtering policies. You learned that organizations can set email sending limits within such policies. Policies can then block users who exceed these sending limits from sending email. You can unblock the users by removing them from the Restricted users page in the Microsoft Defender portal.

The module concluded by showing you how to submit messages, URLs, and attachments to Microsoft for analysis. You learned how to track the status of your submissions in the Microsoft Defender portal. You also learned what happens in the Tenant Allow/Block List when you report something to Microsoft as a false positive.